After running the step “Create a form-based Security Token Service site” of guide “Deploy an Enterprise Portal site that uses forms-based authentication [AX 2012]” we create provider with Add-AXSharepointClaimsAuthenticationProvider.
The problem we sometimes have that signing url which will assign to this provider will look like http://machine_name.fqdn:port/_layouts/<provider name>/Login.aspx (i.e. http://dax2012.contoso.com:7000/_layouts/FormsAuth/Logis.aspx ) which is OK, but not when we want to use host headers. So we get quite often the request how the sign url can be change. We can do it using SharePoint Power Shell command Set-SPTrustedIdentityTokenIssuer:
Set-SPTrustedIdentityTokenIssuer -SignInUrl https://sign.contoso.com:443/_Layouts/FormsAuth/Login.aspx -Identity FormsAuth -ImportTrusCertificate <path to signing certificate .cer file>