Condividi tramite


Set-ADFSClaimsProviderTrust

Set-ADFSClaimsProviderTrust

Sets the properties of a claims provider trust.

Syntax

Parameter Set: Identifier
Set-ADFSClaimsProviderTrust -TargetIdentifier <String> [-AcceptanceTransformRules <String> ] [-AcceptanceTransformRulesFile <String> ] [-AllowCreate <Boolean> ] [-AutoUpdateEnabled <Boolean> ] [-ClaimOffered <ClaimDescription[]> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequiredNameIdFormat <Uri> ] [-SamlAuthenticationRequestIndex <UInt16> ] [-SamlAuthenticationRequestParameters <String> ] [-SamlAuthenticationRequestProtocolBinding <String> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenSigningCertificate <X509Certificate2[]> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: IdentifierName
Set-ADFSClaimsProviderTrust -TargetName <String> [-AcceptanceTransformRules <String> ] [-AcceptanceTransformRulesFile <String> ] [-AllowCreate <Boolean> ] [-AutoUpdateEnabled <Boolean> ] [-ClaimOffered <ClaimDescription[]> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequiredNameIdFormat <Uri> ] [-SamlAuthenticationRequestIndex <UInt16> ] [-SamlAuthenticationRequestParameters <String> ] [-SamlAuthenticationRequestProtocolBinding <String> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenSigningCertificate <X509Certificate2[]> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: IdentifierObject
Set-ADFSClaimsProviderTrust -TargetClaimsProviderTrust <ClaimsProviderTrust> [-AcceptanceTransformRules <String> ] [-AcceptanceTransformRulesFile <String> ] [-AllowCreate <Boolean> ] [-AutoUpdateEnabled <Boolean> ] [-ClaimOffered <ClaimDescription[]> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequiredNameIdFormat <Uri> ] [-SamlAuthenticationRequestIndex <UInt16> ] [-SamlAuthenticationRequestParameters <String> ] [-SamlAuthenticationRequestProtocolBinding <String> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenSigningCertificate <X509Certificate2[]> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: TokenSigningCertificates
Set-ADFSClaimsProviderTrust -TargetCertificate <X509Certificate2> [-AcceptanceTransformRules <String> ] [-AcceptanceTransformRulesFile <String> ] [-AllowCreate <Boolean> ] [-AutoUpdateEnabled <Boolean> ] [-ClaimOffered <ClaimDescription[]> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequiredNameIdFormat <Uri> ] [-SamlAuthenticationRequestIndex <UInt16> ] [-SamlAuthenticationRequestParameters <String> ] [-SamlAuthenticationRequestProtocolBinding <String> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenSigningCertificate <X509Certificate2[]> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Set-ADFSClaimsProviderTrust cmdlet configures the trust relationship with a claims provider.

Parameters

-AcceptanceTransformRules<String>

Specifies the claim acceptance transform rules for accepting claims from this claims provider.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-AcceptanceTransformRulesFile<String>

Specifies a file that contains the claim acceptance transform rules for accepting claims from this claims provider.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-AllowCreate<Boolean>

Specifies whether the SAML parameter AllowCreate should be sent in SAML requests to the claims provider. By default, this parameter is true.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-AutoUpdateEnabled<Boolean>

Specifies whether changes to the federation metadata at the MetadataURL that is being monitored are automatically applied to the configuration of the trust relationship. Partner claims, certificates, and endpoints are updated automatically if this parameter is enabled (true).

Note: When auto-update is enabled, fields that can be overwritten by metadata become read only.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ClaimOffered<ClaimDescription[]>

Specifies the claims that are offered by this claims provider.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-EncryptedNameIdRequired<Boolean>

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-EncryptionCertificate<X509Certificate2>

Specifies the certificate to be used for encrypting a NameID to this claims provider in SAML logout requests. Encrypting the NameID is optional.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-EncryptionCertificateRevocationCheck<String>

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Identifier<String>

Specifies the unique identifier for this claims provider trust. No other trust may use an identifier from this list. Uniform Resource Identifiers (URIs) are often used as unique identifiers for a claims provider trust, but any string of characters may be used.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-MetadataUrl<Uri>

Specifies the URL at which the federation metadata for this claims provider trust is available.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-MonitoringEnabled<Boolean>

Specifies whether periodic monitoring of this claims provider's federation metadata is enabled. The URL of the claims provider's federation metadata is specified by the MetadataUrl parameter.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Name<String>

Specifies the friendly name of this claims provider trust.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Notes<String>

Specifies any notes for this claims provider trust.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-PassThru

Passes an object to the pipeline. By default, this cmdlet does not generate any output.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ProtocolProfile<String>

This parameter controls which protocol profiles the claims provider supports. It must be set to one of the following recognized strings: {SAML, WsFederation, WsFed-SAML}. By default, both SAML and WS-Federation protocols are supported (WsFed-SAML).

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RequiredNameIdFormat<Uri>

Specifies the format that is required for NameID claims to be included in SAML requests to the claims provider. By default, no format is required.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SamlAuthenticationRequestIndex<UInt16>

Specifies the value of AssertionConsumerServiceIndex that will be placed in SAML authentication requests that are sent to the claims provider.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SamlAuthenticationRequestParameters<String>

Specifies which of the parameters (AssertionConsumerServiceIndex, AssertitionConsumerServiceUrl, ProtocolBinding) will be used in SAML authentication requests to the claims provider. Specify a value from the following set: {None, Index, Url, ProtocolBinding, UrlWithProtocolBinding}.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SamlAuthenticationRequestProtocolBinding<String>

Specifies the value of ProtocolBinding that will be placed in SAML authentication requests to the claims provider. Use values from the following set: {Artifact, Post, Redirect}.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SamlEndpoint<SamlEndpoint[]>

Specifies the SAML protocol endpoints for this claims provider.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-SignatureAlgorithm<String>

Specifies the signature algorithm that the claims provider uses for signing and verification. Valid values are as follows:

http://www.w3.org/2000/09/xmldsig\#rsa-sha1

http://www.w3.org/2001/04/xmldsig-more\#rsa-sha256

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SignedSamlRequestsRequired<Boolean>

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SigningCertificateRevocationCheck<String>

Specifies the type of certificate validation that should occur when signatures are verified on responses or assertions from the claims provider. Valid values are None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludingRoot, and CheckChainExcludingRootCacheOnly.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-TargetCertificate<X509Certificate2>

Specifies the certificate of the claims provider trust that will be modified by the cmdlet.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-TargetClaimsProviderTrust<ClaimsProviderTrust>

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-TargetIdentifier<String>

Specifies the identifier of the claims provider trust that will be modified by the cmdlet.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-TargetName<String>

Specifies the friendly name of the claims provider trust that will be modified by the cmdlet.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-TokenSigningCertificate<X509Certificate2[]>

Specifies the token-signing certificates that the claims provider uses.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WSFedEndpoint<Uri>

Specifies the WS-Federation Passive URL for this claims provider.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • Microsoft.IdentityServer.PowerShell.Resources.ClaimsProviderTrust

    A class structure that represents a claims provider trust.

Outputs

The output type is the type of the objects that the cmdlet emits.

  • None

Notes

  • The claims provider collects and authenticates a user's credentials, builds up claims for that user, and packages the claims into security tokens or Information Cards. In other words, a claims provider represents the organization for whose users the claims provider issues security tokens or Information Cards on their behalf. When you configure Active Directory Federation Services (AD FS) 2.0, the role of the claims provider is to enable its users to access resources that are hosted in a relying party organization by establishing one side of a federation trust relationship. After the trust is established, tokens and Information Cards can be presented to a relying party across the federation trust.

Examples

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

Enables auto-update for the claims provider trust.

C:\PS>Set-ADFSClaimsProviderTrust -TargetName "My claims provider" -AutoUpdateEnabled $false

Disable-ADFSClaimsProviderTrust

Enable-ADFSClaimsProviderTrust

Get-ADFSClaimsProviderTrust

Remove-ADFSClaimsProviderTrust

Update-ADFSClaimsProviderTrust