Lync 2013 – OAuth On-Premises (Lync Server 2013 and Exchange 2013)

What is this?

Since Lync Server 2013, there is a new prerequisite on the Lync Servers for Exchange 2013 interconnection: Windows Identity Foundation (WIF). It allows you to use:

  • Unified Contact Store (UCS)
  • Exchange OWA IM and presence Integration

Windows Identity Foundation

  “It’s a new extension to the Microsoft .NET Framework that makes it easy for developers to enable advanced identity capabilities in the .NET Framework applications.”

This feature was created to support server-to-server authentication. It is used by ASP.NET and Windows Communication Foundation applications (in our situation, by Lync Server 2013 and Exchange Server 2013).

In order to configure OAuth, you must do two things:

  • Assign a certificate to the Lync Servers
  • Set Exchange as a partner application.

Please note: “It should also be pointed out that you do not need to use server-to-server authentication: server-to-server authentication is not required in order to deploy Lync Server 2013. If Lync Server 2013 does not need to communicate with other servers (such as Exchange 2013) then server-to-server authentication is not needed.” (Source)

Also note that “your Lync Server 2013 default certificate can also be used as the OAuthTokenIssuer certificate” (Source)


Installation

There are two ways to install WIF:

Windows Server 2008 R2

Install with the Windows Identity Foundation (KB974405) installer.

Windows Server 2012

Server Manager: Go to Add Roles and Features Wizard, select Features. Select Windows Identity Foundation 3.5 from the list. Click Next, then click Install.

PowerShell:

Add-WindowsFeature Windows-Identity-Foundation

Once WIF has been installed, you can run the Deployment Wizard and assign the Lync default certificate as the OAuth certificate.
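The WIF check and the two OAuth configuration steps described above (certificate, then Exchange as a partner application) can also be verified and applied from the Lync Server Management Shell. This is an added example, not part of the original post; the autodiscover host name is a placeholder and the 30-day expiry threshold is an assumption.

```powershell
# Added example. Run in the Lync Server Management Shell on a Lync Server 2013 host.
# Assumption: placeholder Exchange autodiscover host name; replace with your own.
$ExchangeAutodiscover = 'autodiscover.contoso.example'
$MinDaysValid         = 30   # assumption: warn when the certificate is this close to expiry

Import-Module ServerManager

# 1. Confirm the WIF prerequisite is installed before touching OAuth settings.
$wif = Get-WindowsFeature -Name Windows-Identity-Foundation
if (-not $wif.Installed) {
    throw 'Windows Identity Foundation is not installed on this server.'
}

# 2. Confirm a certificate is assigned to the OAuthTokenIssuer role and is still valid.
$oauthCert = Get-CsCertificate -Type OAuthTokenIssuer
if (-not $oauthCert) {
    throw 'No OAuthTokenIssuer certificate is assigned. Assign one in the Deployment Wizard.'
}
$daysLeft = ($oauthCert.NotAfter - (Get-Date)).Days
if ($daysLeft -lt $MinDaysValid) {
    Write-Warning "OAuthTokenIssuer certificate $($oauthCert.Thumbprint) expires in $daysLeft days."
}

# 3. Register Exchange as a partner application, only if it is not already present.
#    The metadata document is fetched over HTTPS from Exchange autodiscover.
#    ApplicationTrustLevel Full lets the partner represent itself and act on behalf
#    of users, so point this only at an Exchange host you control.
$metadataUrl = "https://$ExchangeAutodiscover/autodiscover/metadata/json/1"
$existing = Get-CsPartnerApplication -Identity Exchange -ErrorAction SilentlyContinue
if (-not $existing) {
    New-CsPartnerApplication -Identity Exchange `
        -ApplicationTrustLevel Full `
        -MetadataUrl $metadataUrl
}

# 4. List every partner application and its trust level for review.
Get-CsPartnerApplication |
    Select-Object Name, ApplicationIdentifier, ApplicationTrustLevel, Enabled |
    Format-Table -AutoSize
```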


Sources

  • Description of Windows Identity Foundation (http://support.microsoft.com/kb/974405/en-us)
  • Microsoft TechNet – Lync Server 2013 (http://technet.microsoft.com/en-us/library/gg398616.aspx)