Add-AdfsNonClaimsAwareRelyingPartyTrust
Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service.
Syntax
Add-AdfsNonClaimsAwareRelyingPartyTrust
[-Name] <String>
[-Identifier] <String[]>
[-AlwaysRequireAuthentication]
[-Enabled <Boolean>]
[-IssuanceAuthorizationRules <String>]
[-IssuanceAuthorizationRulesFile <String>]
[-Notes <String>]
[-PassThru]
[-AdditionalAuthenticationRules <String>]
[-AdditionalAuthenticationRulesFile <String>]
[-AccessControlPolicyName <String>]
[-AccessControlPolicyParameters <Object>]
[-ClaimsProviderName <String[]>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Add-AdfsNonClaimsAwareRelyingPartyTrust cmdlet creates a relying party trust for web applications or services that do not rely directly on Active Directory Federation Services (AD FS) to issue tokens, but instead rely on a third party that accesses such tokens and transforms them into what applications understand. A non-claims-aware relying party trust is useful for defining authentication and authorization policies for web applications and services that do not rely on AD FS tokens. The Web Application Proxy requests such tokens for pre-authentication to web applications or services that have corresponding non-claims-aware relying party trusts for requests that come from outside the network through the proxy.
Examples
Example 1: Add a non-claims-aware relying party trust for an application
PS C:\> Add-AdfsNonClaimsAwareRelyingPartyTrust -Name "ExpenseReport" -Identifier "https://contosoexpense/" -IssuanceAuthorizationRules "=>issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");"This command adds a non-claims-aware relying party trust for the application named ExpenseReport and allows all authenticated users to access this application through the Web Application Proxy.
Example 2: Add a non-claims-aware relying party trust that restricts access to an application
PS C:\> Add-AdfsNonClaimsAwareRelyingPartyTrust -Name "ExpenseReport" -Identifier "https://contosoexpense/" -IssuanceAuthorizationRules "c:[type=="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser"]=>issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");"This command adds a non-claims-aware relying party trust for the application named ExpenseReport and restricts access to this application, through the Web Application Proxy, to only users from their workplace-joined devices.
Parameters
-AccessControlPolicyName
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-AccessControlPolicyParameters
| Type: | Object |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-AdditionalAuthenticationRules
Specifies rules for additional authentication on the relying party. For more information about the claims language for rules, see Understanding Claim Rule Language in AD FS 2.0 & Higher on TechNet.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AdditionalAuthenticationRulesFile
Specifies the file that contains all the rules for additional authentication for the relying party.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AlwaysRequireAuthentication
Indicates that access requires authentication, even if this relying party has previously authenticated credentials for access. Specify this parameter to require users to always supply credentials to access sensitive resources.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ClaimsProviderName
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Enabled
Indicates whether to enable this relying party trust. Specify a value of $True for this parameter to allow authentication and authorization to the relying party.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Identifier
Specifies an array of unique identifiers for the non-claims-aware relying party trust. No other trust can use an identifier from this list. As common practice, you can use Uniform Resource Identifiers (URIs) as unique identifiers for a relying party trust, or you can use any string.
| Type: | String[] |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IssuanceAuthorizationRules
Specifies the authorization rules for issuing claims to the relying party.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-IssuanceAuthorizationRulesFile
Specifies the file that contains the authorization rules for issuing claims to the relying party.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specifies a name. The cmdlet adds the Web Application Proxy relying party trust that has the display name that you specify.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Notes
Specifies notes for the relying party trust. Use this parameter to store information such as owners and contacts when you manage a large number of applications.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |