Update page "Configure server-to-server authentication between publishing and consuming farms" #298

Merged 8 commits on Oct 4, 2018

Yvand commented Oct 4, 2018

The current version of the article configures all SharePoint farms to use the same authentication realm, which causes problems:

  • It may cause issues with workloads that rely on OAuth (e.g. add-ins, Workflow Manager, Office Online Server).
  • All farms get full trust permission between each other and can do everything on each other.

I changed the procedure to preserve the original unique authentication realm on every SharePoint farm, and set just the permissions actually required for the social features to work.

Yvand added 8 commits October 2, 2018 16:05
The original article configures all SharePoint farms to use the same authentication realm, which is bad as it may cause issues with other workloads that rely on OAuth (e.g. add-ins, Workflow Manager, Office Online Server).
I reviewed the procedure to not modify the authentication realm of any farm, which eliminates the issue above, and I just set the permissions actually required for the OAuth requests to work (versus full trust when authentication realm is unique across farms).

kenwith commented Oct 4, 2018

@Yvand - thank you for the work on this change and taking the time to make the docs better. It is much appreciated!

@AndreaBarr - can you get this into the backlog for the SharePoint team to review? This is a Pull Request but a fairly significant change, so the writer that owns this article will need to handle it.


Yvand commented Oct 4, 2018

@kenwith my pleasure, after so much effort I thought I had to share this!
It's indeed a significant change, I worked incrementally to grant only permissions that are actually required, and made quite a lot of tests to ensure that all social features work.

In case you are looking for a not-too-complicated way to repro this, I started from this Azure template, provisioned it with a front-end, removed the front-end from the farm to create a separate 2nd farm.

I'm happy to help if needed.

Techwriter40 merged commit 0a76fb8 into MicrosoftDocs:live on Oct 4, 2018

Yvand commented Oct 8, 2018

Wow, this was approved really fast.
Now that the article is live I see some issues with the links and a typo in the script.
I also see improvements to make in the text and in the prereqs. I'll submit a new PR very soon to correct all of this.
