Add-ADFSClaimsProviderTrust
Adds a new claims provider trust to the Federation Service.
Add-ADFSClaimsProviderTrust -Identifier <string> -Name <string> -TokenSigningCertificate <X509Certificate2[]> [-AcceptanceTransformRules <string>] [-AcceptanceTransformRulesFile <string>] [-AllowCreate <Boolean>] [-AutoUpdateEnabled <Boolean>] [-ClaimOffered <ClaimDescription[]>] [-Enabled <Boolean>] [-EncryptionCertificate <X509Certificate2>] [-EncryptionCertificateRevocationCheck <string>] [-MetadataUrl <Uri>] [-MonitoringEnabled <Boolean>] [-Notes <string>] [-PassThru] [-ProtocolProfile <string>] [-RequiredNameIdFormat <Uri>] [-RequiresEncryptedNameID <System.Nullable[bool]>] [-SamlAuthenticationRequestIndex <int>] [-SamlAuthenticationRequestParameters <string>] [-SamlAuthenticationRequestProtocolBinding <string>] [-SamlEndpoint <SamlEndpoint[]>] [-SignatureAlgorithm <string>] [-SignedSamlRequestsRequired <System.Nullable[bool]>] [-SigningCertRevocationCheck <string>] [-WSFedEndpoint <Uri>] [-Confirm] [-WhatIf] [<CommonParameters>]
Identifier
Name
TokenSigningCertificate
AcceptanceTransformRules
AcceptanceTransformRulesFile
AllowCreate
AutoUpdateEnabled
ClaimOffered
Enabled
EncryptionCertificate
EncryptionCertificateRevocationCheck
MetadataUrl
MonitoringEnabled
Notes
PassThru
ProtocolProfile
RequiredNameIdFormat
RequiresEncryptedNameID
SamlAuthenticationRequestIndex
SamlAuthenticationRequestParameters
SamlAuthenticationRequestProtocolBinding
SamlEndpoint
SignatureAlgorithm
SignedSamlRequestsRequired
SigningCertRevocationCheck
WSFedEndpoint
Confirm
WhatIf
Add-ADFSClaimsProviderTrust -Name <string> [-AcceptanceTransformRules <string>] [-AcceptanceTransformRulesFile <string>] [-AllowCreate <Boolean>] [-AutoUpdateEnabled <Boolean>] [-Enabled <Boolean>] [-EncryptionCertificateRevocationCheck <string>] [-MetadataFile <string>] [-MetadataUrl <Uri>] [-MonitoringEnabled <Boolean>] [-Notes <string>] [-PassThru] [-ProtocolProfile <string>] [-RequiredNameIdFormat <Uri>] [-RequiresEncryptedNameID <System.Nullable[bool]>] [-SamlAuthenticationRequestIndex <int>] [-SamlAuthenticationRequestParameters <string>] [-SamlAuthenticationRequestProtocolBinding <string>] [-SignatureAlgorithm <string>] [-SignedSamlRequestsRequired <System.Nullable[bool]>] [-SigningCertRevocationCheck <string>] [-Confirm] [-WhatIf] [<CommonParameters>]
Name
AcceptanceTransformRules
AcceptanceTransformRulesFile
AllowCreate
AutoUpdateEnabled
Enabled
EncryptionCertificateRevocationCheck
MetadataFile
MetadataUrl
MonitoringEnabled
Notes
PassThru
ProtocolProfile
RequiredNameIdFormat
RequiresEncryptedNameID
SamlAuthenticationRequestIndex
SamlAuthenticationRequestParameters
SamlAuthenticationRequestProtocolBinding
SignatureAlgorithm
SignedSamlRequestsRequired
SigningCertRevocationCheck
Confirm
WhatIf
The Add-ADFSClaimsProviderTrust cmdlet adds a new claims provider trust to the Federation Service. A claims provider trust can be specified manually, or a federation metadata document may be provided to bootstrap initial configuration.
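The following is an added example, not part of the original reference page, showing the manual form of the cmdlet (the first parameter set above) with every security-relevant setting pinned explicitly, followed by the metadata-bootstrapped form with auto-update left off. The partner name, identifier, endpoint URLs, certificate path and dates are placeholders; New-ADFSSamlEndpoint is the AD FS 2.0 cmdlet for building SamlEndpoint objects and Microsoft.Adfs.PowerShell is the AD FS 2.0 snap-in.

```powershell
# Added example (not from the original page). Creates a SAML 2.0 claims provider
# trust by hand rather than from federation metadata. Partner values below
# (name, identifier, URLs, certificate path) are placeholders.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# The partner's token-signing certificate, received out of band. A .cer file holds
# only the public key. Verify the thumbprint with the partner over a second channel
# before trusting it: whoever holds this key can mint tokens for any partner user.
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList 'C:\partners\fabrikam-token-signing.cer'
Write-Host ('Trusting signing cert {0}, valid until {1}' -f $signingCert.Thumbprint, $signingCert.NotAfter)

# Partner endpoints. A claims provider needs only its single-sign-on and logout
# endpoints; POST binding for SSO, Redirect for logout in this example.
$sso    = New-ADFSSamlEndpoint -Protocol SAMLSingleSignOn -Binding POST `
              -Uri 'https://sts.fabrikam.com/adfs/ls/' -IsDefault $true
$logout = New-ADFSSamlEndpoint -Protocol SAMLLogout -Binding Redirect `
              -Uri 'https://sts.fabrikam.com/adfs/ls/'

# -Identifier must equal the Issuer / entityID the partner puts in its assertions.
# SHA-256 signatures, chain + revocation checking on the signing certificate, and
# signed SAML requests are set explicitly so the trust does not depend on defaults.
# The trust is created disabled; enable it after acceptance rules are in place.
Add-ADFSClaimsProviderTrust `
    -Name 'Fabrikam' `
    -Identifier 'http://sts.fabrikam.com/adfs/services/trust' `
    -TokenSigningCertificate $signingCert `
    -SamlEndpoint $sso, $logout `
    -ProtocolProfile 'SAML' `
    -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' `
    -SigningCertRevocationCheck 'CheckChainExcludingRoot' `
    -SignedSamlRequestsRequired $true `
    -RequiredNameIdFormat 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' `
    -AutoUpdateEnabled $false `
    -Enabled $false `
    -Notes 'Created manually; signing cert thumbprint verified with Fabrikam by phone' `
    -PassThru

# Alternative: bootstrap from federation metadata (second parameter set). Monitoring
# stays on so drift at the partner is reported, but auto-update is off so a change
# served at the metadata URL cannot silently replace the trusted signing certificate
# or endpoints without an administrator reviewing it. -WhatIf only previews here.
Add-ADFSClaimsProviderTrust -Name 'Fabrikam (from metadata)' `
    -MetadataUrl 'https://sts.fabrikam.com/FederationMetadata/2007-06/FederationMetadata.xml' `
    -MonitoringEnabled $true -AutoUpdateEnabled $false -Enabled $false -WhatIf
```

A trust created this way has no acceptance transform rules, so no claims from the partner reach the pipeline until rules are added deliberately; once they are, Enable-ADFSClaimsProviderTrust -TargetName 'Fabrikam' turns the trust on.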
-AcceptanceTransformRules <string>

Specifies the claim acceptance transform rules for accepting claims from this claims provider. These rules decide which incoming claims from the partner enter the claims pipeline; a trust with no acceptance rules admits none.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-AcceptanceTransformRulesFile <string>

Specifies a file containing the claim acceptance transform rules for accepting claims from this claims provider.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
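The following added example (not from the original page) shows what the two acceptance-rule parameters above actually carry: claim rules written in the AD FS claim rule language. Rather than the common "pass through all claims" rule, it admits only two claim types and only for the partner's own e-mail domain, so a partner (or anyone holding its signing key) cannot inject group or role claims that relying parties act on. The trust name, metadata URL, partner domain and the homerealm claim type are placeholders chosen for the example.

```powershell
# Added example (not from the original page). Allow-list acceptance transform
# rules for a claims provider trust. Partner domain, trust name, metadata URL and
# the "homerealm" claim type are placeholders.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Claim rule language. Each rule: optional condition(s) on incoming claims `c`,
# then "=> issue(...)". "=~" is a .NET regular-expression match on the value.
# Only e-mail and UPN are accepted, and only when they end in the partner's
# domain, so a compromised or careless partner cannot assert identities in
# another domain or hand us group/role claims we never agreed to accept.
$rules = @'
@RuleName = "Accept e-mail only for the fabrikam.com domain"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value =~ "^(?i)[^@]+@fabrikam\.com$"]
 => issue(claim = c);

@RuleName = "Accept UPN only for the fabrikam.com domain"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "^(?i)[^@]+@fabrikam\.com$"]
 => issue(claim = c);

@RuleName = "Tag the session with the partner it came from (placeholder claim type)"
 => issue(Type = "http://schemas.contoso.com/2010/claims/homerealm", Value = "fabrikam.com");
'@

# Inline form: the rules travel with the trust definition in one command.
Add-ADFSClaimsProviderTrust -Name 'Fabrikam' `
    -MetadataUrl 'https://sts.fabrikam.com/FederationMetadata/2007-06/FederationMetadata.xml' `
    -AcceptanceTransformRules $rules -AutoUpdateEnabled $false -Enabled $false

# File form: keep the rule set under version control and change review, then apply
# it from the file (Add-ADFSClaimsProviderTrust -AcceptanceTransformRulesFile takes
# the same path at creation time; Set- is used here because the trust now exists).
$rulesFile = Join-Path $env:TEMP 'fabrikam-acceptance-rules.txt'
Set-Content -Path $rulesFile -Value $rules -Encoding UTF8
Set-ADFSClaimsProviderTrust -TargetName 'Fabrikam' -AcceptanceTransformRulesFile $rulesFile

# Read back what AD FS stored; this is what a reviewer should compare against the file.
(Get-ADFSClaimsProviderTrust -Name 'Fabrikam').AcceptanceTransformRules
```

The regular expression is anchored at both ends and case-insensitive; without the anchors a value such as `attacker@evil.example/fabrikam.com` would slip past a naive `fabrikam.com` match.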
-AllowCreate <Boolean>

Specifies whether the SAML parameter AllowCreate should be sent in SAML requests to the claims provider. By default, this parameter is true.

Default Value: true
Data Type: Boolean

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-AutoUpdateEnabled <Boolean>

Specifies whether changes to the federation metadata at the monitored MetadataUrl are applied automatically to the configuration of the trust relationship. Partner claims, certificates, and endpoints are updated automatically if this parameter is enabled (true). Because the partner's token-signing certificates and endpoints are then taken from whatever that URL serves, the MetadataUrl should be an HTTPS endpoint operated by the partner, and the trust effectively extends to whoever controls it.

Note: When auto-update is enabled, fields that can be overwritten by metadata become read-only.

Default Value: not specified
Data Type: Boolean

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-ClaimOffered <ClaimDescription[]>

Specifies the claims that are offered by this claims provider.

Default Value: not specified
Data Type: ClaimDescription[]

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | true | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | true (ByValue) | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | true | variableLength |
-Enabled <Boolean>

Specifies whether the claims provider trust is enabled or disabled.

Default Value: not specified
Data Type: Boolean

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-EncryptionCertificate <X509Certificate2>

Specifies the certificate to be used for encrypting a NameID to this claims provider in SAML logout requests. Encrypting the NameID is optional.

Default Value: not specified
Data Type: X509Certificate2

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-EncryptionCertificateRevocationCheck <string>

Name | Value |
---|---|
Aliases | none |
Required? | false |
Position? | named |
Default Value | none |
Accept Pipeline Input? | false |
Accept Wildcard Characters? | false |
-Identifier <string>

Specifies the unique identifier for this claims provider trust. No other trust may use the same identifier. Uniform Resource Identifiers (URIs) are often used as unique identifiers for a claims provider trust, but any string of characters may be used. AD FS matches an incoming token to a trust by this value, so for a SAML partner it must equal the entityID the partner places in the Issuer of its assertions, copied exactly.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-MetadataFile <string>

Specifies a file path, such as c:\metadata.xml, that contains the federation metadata to be used when this claims provider trust is created.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-MetadataUrl <Uri>

Specifies a URL at which the federation metadata for this claims provider trust is available.

Default Value: not specified
Data Type: Uri

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-MonitoringEnabled <Boolean>

Specifies whether periodic monitoring of this claims provider's federation metadata is enabled. The URL of the claims provider's federation metadata is specified by the MetadataUrl parameter.

Default Value: not specified
Data Type: Boolean

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-Name <string>

Specifies the friendly name of this claims provider trust.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-Notes <string>

Specifies any notes for this claims provider trust.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-PassThru

Passes an object to the pipeline. By default, this cmdlet does not generate any output.

Default Value: not specified
Data Type: SwitchParameter

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
-ProtocolProfile <string>

This parameter controls which protocol profiles the claims provider supports. The protocols can be one of the following: {SAML, WsFederation, WsFed-SAML}. The default is WsFed-SAML, which indicates that both protocols are supported.

Default Value: WsFed-SAML
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-RequiredNameIdFormat <Uri>

Specifies the format that is required for NameID claims to be included in SAML requests to the claims provider. By default, no format is required.

Default Value: none (no format required)
Data Type: Uri

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-RequiresEncryptedNameID <System.Nullable[bool]>

Specifies whether this claims provider requires the NameID claim to be encrypted in SAML logout requests.

Default Value: not specified
Data Type: System.Nullable[bool]

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-SamlAuthenticationRequestIndex <int>

Specifies the value of AssertionConsumerServiceIndex that will be placed in SAML authentication requests that are sent to the claims provider.

Default Value: not specified
Data Type: int

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-SamlAuthenticationRequestParameters <string>

Specifies which of the parameters (AssertionConsumerServiceIndex, AssertionConsumerServiceUrl, ProtocolBinding) will be used in SAML authentication requests to the claims provider. Specify a value from the set: {None, Index, Url, ProtocolBinding, UrlWithProtocolBinding}.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-SamlAuthenticationRequestProtocolBinding <string>

Specifies the value of ProtocolBinding that will be placed in SAML authentication requests to the claims provider. Use values from the set: {Artifact, Post, Redirect}.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-SamlEndpoint <SamlEndpoint[]>

Specifies the SAML protocol endpoints for this claims provider.

Default Value: not specified
Data Type: SamlEndpoint[]

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | true | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | true (ByValue) | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | true | variableLength |
-SignatureAlgorithm <string>

Specifies the signature algorithm that the claims provider uses for signing and verification. Valid values are:

http://www.w3.org/2000/09/xmldsig#rsa-sha1
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

The value is an algorithm identifier and must be given exactly as shown (http scheme, no escaping). Prefer rsa-sha256; SHA-1 signatures are deprecated and should be accepted only while a partner cannot yet sign with SHA-256.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-SignedSamlRequestsRequired <System.Nullable[bool]>

Specifies whether signed SAML protocol requests are required for this claims provider. When the value of this parameter is true, all SAML protocol requests to this claims provider will be signed.

Default Value: not specified
Data Type: System.Nullable[bool]

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-SigningCertRevocationCheck <string>

Specifies the type of validation that should occur for the signing certificate when signatures are processed. Valid values are None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludingRoot, and CheckChainExcludingRootCacheOnly. None skips revocation checking entirely, so a partner signing certificate that has been compromised and revoked would still be accepted; the CacheOnly variants consult only revocation data already cached on the federation server.

Default Value: not specified
Data Type: string

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
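The SignatureAlgorithm, SignedSamlRequestsRequired and SigningCertRevocationCheck settings above are the ones most often left at whatever a metadata import produced. The following added example (not from the original page) audits every existing claims provider trust for weak values of those settings, plus auto-update from a non-HTTPS metadata URL and token-signing certificates about to expire. The property names read from the trust objects (SignatureAlgorithm, SigningCertificateRevocationCheck, SignedSamlRequestsRequired, AutoUpdateEnabled, MetadataUrl, TokenSigningCertificates, ProtocolProfile) are assumed to be those exposed by Get-ADFSClaimsProviderTrust on AD FS 2.0; confirm them with Get-Member on your build. The built-in Active Directory trust is skipped by its identifier AD AUTHORITY.

```powershell
# Added example (not from the original page). Audits claims provider trusts for
# settings that weaken signature verification or let a partner change the trust
# without review. Property names are assumed (check with Get-Member).
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$sha1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
$soon = (Get-Date).AddDays(30)

Get-ADFSClaimsProviderTrust |
  Where-Object { $_.Identifier -ne 'AD AUTHORITY' } |   # skip the built-in Active Directory trust
  ForEach-Object {
    $t = $_
    $findings = @()

    if ($t.SignatureAlgorithm -eq $sha1) {
        $findings += 'signature algorithm is rsa-sha1'
    }
    if ($t.SigningCertificateRevocationCheck -eq 'None') {
        $findings += 'signing certificate revocation check is None'
    }
    # Nullable bool: $null (never set) counts as "not required".
    if ($t.ProtocolProfile -ne 'WsFederation' -and -not $t.SignedSamlRequestsRequired) {
        $findings += 'SAML requests are not required to be signed'
    }
    # With auto-update on, whoever serves the metadata URL controls the trusted
    # certificates and endpoints; over plain HTTP that is anyone on the path.
    if ($t.AutoUpdateEnabled -and $t.MetadataUrl -and $t.MetadataUrl.Scheme -ne 'https') {
        $findings += ('auto-update from non-HTTPS metadata URL {0}' -f $t.MetadataUrl)
    }
    foreach ($c in $t.TokenSigningCertificates) {
        if ($c.NotAfter -lt $soon) {
            $findings += ('token-signing cert {0} expires {1}' -f $c.Thumbprint, $c.NotAfter)
        }
    }

    New-Object PSObject -Property @{
        Name     = $t.Name
        Enabled  = $t.Enabled
        Findings = ($findings -join '; ')
    }
  } |
  Where-Object { $_.Findings } |
  Format-Table Name, Enabled, Findings -AutoSize
```

Run this after any metadata import or auto-update event, since either can change the signing certificate list without touching the settings an administrator set by hand.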
-TokenSigningCertificate <X509Certificate2[]>

Specifies the token-signing certificates of the claims provider. AD FS uses the public keys in these certificates to verify the signatures on tokens issued by this claims provider, so only certificates obtained from the partner and verified out of band should be supplied.

Default Value: not specified
Data Type: X509Certificate2[]

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | true | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | true (ByValue) | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | true | variableLength |
-WSFedEndpoint <Uri>

Specifies the WS-Federation Passive URL for this claims provider.

Default Value: not specified
Data Type: Uri

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | true | required |
Variable Length? | false | variableLength |
-Confirm

Prompts you for confirmation before executing the command.

Default Value: not specified
Data Type: SwitchParameter

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | true | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
-WhatIf

Describes what would happen if you executed the command without actually executing the command.

Default Value: not specified
Data Type: SwitchParameter

Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | true | variableLength |
Accept wildcard characters? | false | globbing |
Accept Pipeline Input? | false | pipelineInput |
Position? | named | position |

Value Attributes

Name | Value | PSMAML Attribute |
---|---|---|
Required? | false | required |
Variable Length? | false | variableLength |
The claims provider is responsible for collecting and authenticating a user's credentials, building up claims for that user, and packaging the claims into security tokens. In other words, a claims provider represents the organization for whose users the claims provider issues security tokens on their behalf. When you configure AD FS 2.0 to use federation services, the role of the claims provider is to enable its users to access resources that a relying party organization hosts by establishing one side of a federation trust relationship. After the trust is established, tokens can be presented to the relying party across the federation trust.
Command Prompt: C:\PS>
Add-ADFSClaimsProviderTrust -Name 'Fabrikam' -MetadataUrl 'https://fabrikam.com/federationmetadata/2007-06/federationmetadata.xml'
Description
-----------
Adds a claims provider trust named Fabrikam, bootstrapping its identifier, token-signing certificates, and endpoints from the federation metadata published at the given HTTPS URL.
Get-ADFSClaimsProviderTrust
Remove-ADFSClaimsProviderTrust
Set-ADFSClaimsProviderTrust
Enable-ADFSClaimsProviderTrust
Disable-ADFSClaimsProviderTrust
Update-ADFSClaimsProviderTrust