다음을 통해 공유


Set-ADFSRelyingPartyTrust

Set-ADFSRelyingPartyTrust

Sets the properties of a relying party trust.

Syntax

Parameter Set: Identifier
Set-ADFSRelyingPartyTrust -TargetIdentifier <String> [-AutoUpdateEnabled <Boolean> ] [-ClaimAccepted <ClaimDescription[]> ] [-DelegationAuthorizationRules <String> ] [-DelegationAuthorizationRulesFile <String> ] [-EncryptClaims <Boolean> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String[]> ] [-ImpersonationAuthorizationRules <String> ] [-ImpersonationAuthorizationRulesFile <String> ] [-IssuanceAuthorizationRules <String> ] [-IssuanceAuthorizationRulesFile <String> ] [-IssuanceTransformRules <String> ] [-IssuanceTransformRulesFile <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-NotBeforeSkew <Int32> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequestSigningCertificate <X509Certificate2[]> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SamlResponseSignature <String> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenLifetime <Int32> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: IdentifierName
Set-ADFSRelyingPartyTrust -TargetName <String> [-AutoUpdateEnabled <Boolean> ] [-ClaimAccepted <ClaimDescription[]> ] [-DelegationAuthorizationRules <String> ] [-DelegationAuthorizationRulesFile <String> ] [-EncryptClaims <Boolean> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String[]> ] [-ImpersonationAuthorizationRules <String> ] [-ImpersonationAuthorizationRulesFile <String> ] [-IssuanceAuthorizationRules <String> ] [-IssuanceAuthorizationRulesFile <String> ] [-IssuanceTransformRules <String> ] [-IssuanceTransformRulesFile <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-NotBeforeSkew <Int32> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequestSigningCertificate <X509Certificate2[]> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SamlResponseSignature <String> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenLifetime <Int32> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: IdentifierObject
Set-ADFSRelyingPartyTrust -TargetRelyingParty <RelyingPartyTrust> [-AutoUpdateEnabled <Boolean> ] [-ClaimAccepted <ClaimDescription[]> ] [-DelegationAuthorizationRules <String> ] [-DelegationAuthorizationRulesFile <String> ] [-EncryptClaims <Boolean> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String[]> ] [-ImpersonationAuthorizationRules <String> ] [-ImpersonationAuthorizationRulesFile <String> ] [-IssuanceAuthorizationRules <String> ] [-IssuanceAuthorizationRulesFile <String> ] [-IssuanceTransformRules <String> ] [-IssuanceTransformRulesFile <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-NotBeforeSkew <Int32> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequestSigningCertificate <X509Certificate2[]> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SamlResponseSignature <String> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenLifetime <Int32> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Set-ADFSRelyingParty cmdlet configures the trust relationship with a specified relying party object.

Parameters

-AutoUpdateEnabled<Boolean>

Specifies whether changes to the federation metadata at the MetadataURL that is being monitored are automatically applied to the configuration of the trust relationship. Partner claims, certificates, and endpoints are automatically updated if this parameter is enabled (true).

Note: When auto-update is enabled, fields that can be overwritten by metadata become read only.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ClaimAccepted<ClaimDescription[]>

Specifies the claims that this relying party accepts.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-DelegationAuthorizationRules<String>

Specifies the delegation authorization rules for issuing claims to this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-DelegationAuthorizationRulesFile<String>

Specifies a file that contains the delegation authorization rules for issuing claims to this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-EncryptClaims<Boolean>

Specifies whether the claims that are sent to the relying party should be encrypted.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-EncryptedNameIdRequired<Boolean>

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-EncryptionCertificate<X509Certificate2>

Specifies the certificate to be used for encrypting claims that are issued to this relying party. Encrypting claims is optional.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-EncryptionCertificateRevocationCheck<String>

Specifies the type of validation that should occur for the encryption certificate before it is used for encrypting claims to the relying party. Valid values are None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludingRoot, and CheckChainExcludingRootCacheOnly.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Identifier<String[]>

Specifies the unique identifiers for this relying party trust. No other trust may use an identifier from this list. Uniform Resource Identifiers (URIs) are often used as unique identifiers for a relying party trust, but any string of characters may be used.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ImpersonationAuthorizationRules<String>

Specifies the impersonation authorization rules for issuing claims to this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-ImpersonationAuthorizationRulesFile<String>

Specifies a file that containis the impersonation authorization rules for issuing claims to this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-IssuanceAuthorizationRules<String>

Specifies the issuance authorization rules for issuing claims to this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-IssuanceAuthorizationRulesFile<String>

Specifies a file that contains the issuance authorization rules for issuing claims to this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-IssuanceTransformRules<String>

Specifies the issuance transform rules for issuing claims to this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-IssuanceTransformRulesFile<String>

Specifies a file that contains the issuance transform rules for issuing claims to this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-MetadataUrl<Uri>

Specifies a URL at which the federation metadata for this relying party trust is available.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-MonitoringEnabled<Boolean>

Specifies whether periodic monitoring of this relying party's federation metadata is enabled. The URL of the relying party's federation metadata is specified by the MetadataUrl parameter.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Name<String>

Specifies the friendly name of this relying party trust.

Note: You can use the Name parameter as an identifier for the object.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-NotBeforeSkew<Int32>

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Notes<String>

Specifies any notes for this relying party trust.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-PassThru

Passes an object to the pipeline. By default, this cmdlet does not generate any output.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ProtocolProfile<String>

This parameter controls which protocol profiles the relying party supports. The protocol can be one of the following: {SAML, WsFederation}. By default, this parameter is blank, which indicates that both protocols are supported.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RequestSigningCertificate<X509Certificate2[]>

Specifies the certificate that is used to verify the signature on a request from the relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-SamlEndpoint<SamlEndpoint[]>

Specifies the SAML protocol endpoints for this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-SamlResponseSignature<String>

Specifies the response signatures that the relying party expects. Valid values are AssertionOnly, MessageAndAssertion, and MessageOnly.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SignatureAlgorithm<String>

Specifies the signature algorithm that the relying party uses for signing and verification. Valid values are as follows:

http://www.w3.org/2000/09/xmldsig\#rsa-sha1

http://www.w3.org/2001/04/xmldsig-more\#rsa-sha256

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SignedSamlRequestsRequired<Boolean>

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SigningCertificateRevocationCheck<String>

Specifies the type of certificate validation that should occur when signatures on requests from the relying party are verified. Valid values are None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludingRoot, and CheckChainExcludingRootCacheOnly.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-TargetIdentifier<String>

Specifies the identifier of the relying party trust that will be modified by the cmdlet.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-TargetName<String>

Specifies the friendly name of the relying party trust that will be modified by the cmdlet.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-TargetRelyingParty<RelyingPartyTrust>

Specifies the relying party trust that will be modified by the cmdlet. This value is typically taken from the pipeline.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-TokenLifetime<Int32>

Specifies the duration (in minutes) for which the claims that are issued to the relying party are valid.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WSFedEndpoint<Uri>

Specifies the WS-Federation Passive URL for this relying party.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust

    A class structure that represents a relying party trust.

Outputs

The output type is the type of the objects that the cmdlet emits.

  • None

Notes

  • A relying party in Active Directory Federation Services (AD FS) 2.0 is an organization in which Web servers that host one or more Web-based applications reside. Tokens and Information Cards that originate from a claims provider can be presented and ultimately consumed by the Web-based resources that are located in the relying party organization. When AD FS 2.0 is configured in the role of the relying party, it acts as a partner that trusts a claims provider to authenticate users. Therefore, the relying party consumes the claims that are packaged in security tokens that come from users in the claims provider. In other words, a relying party is the organization whose Web servers are protected by the resource-side federation server. The federation server at the relying party uses the security tokens that the claims provider produces to issue tokens to the Web servers that are located in the relying party.

Examples

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

Sets the name and identifier for the specified relying party trust.

C:\PS>Set-ADFSRelyingPartyTrust -TargetName SampleApp -Identifier  http://SampleApp.SampleServerNew.org

-------------------------- EXAMPLE 2 --------------------------

Description

-----------

Sets the target identifier for the specified relying party trust.

C:\PS>Set-ADFSRelyingPartyTrust -TargetIdentifier http://SampleApp.SampleServer.org -Identifier http://SampleApp.SampleServerNew.org

Add-ADFSRelyingPartyTrust

Disable-ADFSRelyingPartyTrust

Enable-ADFSRelyingPartyTrust

Get-ADFSRelyingPartyTrust

Remove-ADFSRelyingPartyTrust

Update-ADFSRelyingPartyTrust