Sharepoint
United States (English) Sign in
Home Online 2013 2010 Other Versions Related Products Library Forums Gallery
TechNet Library
SharePoint Products and Technologies
SharePoint 2013
Technical reference
Windows PowerShell for SharePoint 2013
Windows PowerShell for SharePoint 2013 reference
Security cmdlets
Add-SPShellAdmin
Get-SPShellAdmin
Remove-SPShellAdmin
Add-SPClaimTypeMapping
Get-SPAuthenticationProvider
Get-SPCertificateAuthority
Get-SPClaimProvider
Get-SPClaimProviderManager
Get-SPClaimTypeEncoding
Get-SPManagedAccount
Get-SPManagedPath
Get-SPSecurityTokenServiceConfig
Get-SPServiceApplicationSecurity
Get-SPTrustedIdentityTokenIssuer
Get-SPTrustedRootAuthority
Get-SPTrustedServiceTokenIssuer
Grant-SPObjectSecurity
Initialize-SPResourceSecurity
New-SPAuthenticationProvider
New-SPClaimProvider
New-SPClaimsPrincipal
New-SPClaimTypeEncoding
New-SPClaimTypeMapping
New-SPManagedAccount
New-SPManagedPath
New-SPTrustedIdentityTokenIssuer
New-SPTrustedRootAuthority
New-SPTrustedServiceTokenIssuer
Remove-SPClaimProvider
Remove-SPClaimTypeMapping
Remove-SPManagedAccount
Remove-SPManagedPath
Remove-SPTrustedIdentityTokenIssuer
Remove-SPTrustedRootAuthority
Remove-SPTrustedServiceTokenIssuer
Repair-SPManagedAccountDeployment
Revoke-SPObjectSecurity
Set-SPClaimProvider
Set-SPManagedAccount
Set-SPSecurityTokenServiceConfig
Set-SPServiceApplicationSecurity
Set-SPTrustedIdentityTokenIssuer
Set-SPTrustedRootAuthority
Set-SPTrustedServiceTokenIssuer
Update-SPFarmEncryptionKey
Get-SPAuthenticationRealm
Get-SPTrustedSecurityTokenIssuer
New-SPAzureAccessControlServiceApplicationProxy
New-SPTrustedSecurityTokenIssuer
Remove-SPTrustedSecurityTokenIssuer
Set-SPAuthenticationRealm
Set-SPTrustedSecurityTokenIssuer
Get-SPAppPrincipal
Register-SPAppPrincipal
Remove-SPAppPrincipalPermission
Set-SPAppPrincipalPermission
Convert-SPWebApplication
Expand Minimize
0 out of 1 rated this helpful - Rate this topic

New-SPTrustedIdentityTokenIssuer

SharePoint 2013

Published: July 16, 2012

Applies to:  SharePoint Foundation 2013 | SharePoint Server 2013 Enterprise 

Creates an identity provider in the farm.

Copy 
New-SPTrustedIdentityTokenIssuer -ClaimsMappings <SPClaimMappingPipeBind[]> -Description <String> -IdentifierClaim <String> -Name <String> -Realm <String> -SignInUrl <String> [-AssignmentCollection <SPAssignmentCollection>] [-ClaimProvider <SPClaimProviderPipeBind>] [-Confirm [<SwitchParameter>]] [-ImportTrustCertificate <X509Certificate2>] [-UseWReply <SwitchParameter>] [-WhatIf [<SwitchParameter>]]
Copy 
New-SPTrustedIdentityTokenIssuer -ClaimsMappings <SPClaimMappingPipeBind[]> -Description <String> -IdentifierClaim <String> -Name <String> -Realm <String> -SignInUrl <String> [-AssignmentCollection <SPAssignmentCollection>] [-ClaimProvider <SPClaimProviderPipeBind>] [-Confirm [<SwitchParameter>]] [-MetadataEndPoint <Uri>] [-UseWReply <SwitchParameter>] [-WhatIf [<SwitchParameter>]]

Parameters

1

Parameter

Required

Type

Description

ClaimsMappings

Required

Microsoft.SharePoint.PowerShell.SPClaimMappingPipeBind[]

Specifies the mapping of the claims from the original token to the SharePoint token.

The type must be a valid GUID, in the form 12345678-90ab-cdef-1234-567890bcdefgh; or a valid name of a claim mapping rule (for example, Email); or an instance of a valid SPClaimMapping object.

Description

Required

System.String

Specifies a description for the new identity provider.

The type must be a valid string; for example, LiveID STS.

IdentifierClaim

Required

System.String

Specifies which claim type from the trusted STS will be used for the new identity provider.

The type must be a valid claim type from the trusted STS; for example, http://schemas.microsoft.com/2007/05/Claims/Puid.

Name

Required

System.String

Specifies the name of the new identity provider.

The type must be a valid name of an identity provider; for example, LiveIDSTS.

Realm

Required

System.String

Specifies the realm, or resource partition, associated with this trust.

The type must be a name of a valid realm; for example, MD_REALM.

SignInUrl

Required

System.String

Specifies the sign-in URLs for this trusted STS identity provider.

The type must be a valid URL, in the form http://int.live.com/.

AssignmentCollection

Optional

Microsoft.SharePoint.PowerShell.SPAssignmentCollection

Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the SPAssignment object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.

noteNote:

When the Global parameter is used, all objects are contained in the global store. If objects are not immediately used, or disposed of by using the Stop-SPAssignment command, an out-of-memory scenario can occur.

ClaimProvider

Optional

Microsoft.SharePoint.PowerShell.SPClaimProviderPipeBind

Specifies the IP STS that can resolve and search claims for claims people picker.

The type must be a valid GUID, in the form 12345678-90ab-cdef-1234-567890bcdefgh; or a valid name of identity provider (for example, MyIDprovider1); or an instance of a valid SPIdentityProvider object.

ImportTrustCertificate

Optional

System.Security.Cryptography.X509Certificates.X509Certificate2

Specifies the X.509 certificate object from trusted authentication provider farm.

The type must be a name of a valid X.509 certificate; for example, Certificate1.

UseWReply

Optional

System.Management.Automation.SwitchParameter

Includes a WReply with the token request. WReply is a URL at the relying party to which the requestor is redirected once sign-out processing is complete.

2

Parameter

Required

Type

Description

ClaimsMappings

Required

Microsoft.SharePoint.PowerShell.SPClaimMappingPipeBind[]

Specifies the mapping of the claims from the original token to the SharePoint token.

The type must be a valid GUID, in the form 12345678-90ab-cdef-1234-567890bcdefgh; or a valid name of a claim mapping rule (for example, Email); or an instance of a valid SPClaimMapping object.

Description

Required

System.String

Specifies a description for the new identity provider.

The type must be a valid string; for example, LiveID STS.

IdentifierClaim

Required

System.String

Specifies which claim type from the trusted STS will be used for the new identity provider.

The type must be a valid claim type from the trusted STS; for example, http://schemas.microsoft.com/2007/05/Claims/Puid.

Name

Required

System.String

Specifies the name of the new identity provider.

The type must be a valid name of an identity provider; for example, LiveIDSTS.

Realm

Required

System.String

Specifies the realm, or resource partition, associated with this trust.

The type must be a name of a valid realm; for example, MD_REALM.

SignInUrl

Required

System.String

Specifies the sign-in URLs for this trusted STS identity provider.

The type must be a valid URL, in the form http://int.live.com/.

AssignmentCollection

Optional

Microsoft.SharePoint.PowerShell.SPAssignmentCollection

Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the SPAssignment object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.

noteNote:

When the Global parameter is used, all objects are contained in the global store. If objects are not immediately used, or disposed of by using the Stop-SPAssignment command, an out-of-memory scenario can occur.

ClaimProvider

Optional

Microsoft.SharePoint.PowerShell.SPClaimProviderPipeBind

Specifies the IP STS that can resolve and search claims for claims people picker.

The type must be a valid GUID, in the form 12345678-90ab-cdef-1234-567890bcdefgh; or a valid name of identity provider (for example, MyIDprovider1); or an instance of a valid SPIdentityProvider object.

MetadataEndPoint

Optional

System.Uri

UseWReply

Optional

System.Management.Automation.SwitchParameter

Includes a WReply with the token request. WReply is a URL at the relying party to which the requestor is redirected once sign-out processing is complete.

Detailed Description

The New-SPTrustedIdentityTokenIssuer cmdlet creates an identity provider in the farm. This object is created and used only for setting this type of identity provider in a Web application. The specified claim type cannot be NTLM, Classic NTLM, Negotiate, or Classic Negotiate. For ASP.NET Membership provider or Role providers, no objects are persisted. For security token service (STS) identity providers, this cmdlet creates and persists the identity provider object in the SPFarm object.

Input Types

Return Types

----------------------- EXAMPLE---------------------------

Copy 
New-SPTrustedIdentityTokenIssuer –Name "LiveIDSTS" - Description "LiveID STS" –Certificate (Get-ChildItem"cert:Certificates (LocalComputer)\Personal\Certificates –Name "LiveID Cert") –SignInUrl http://int.contoso.com/ -IdentifierClaim "http://schemas.contoso.com/2007/05/Claims/Puid"
Copy 
Set –SPWebApplication http://contoso.com -IdentityProvider (Get-SPTrustedIdentityTokenIssuer "LiveIDSTS")

This example creates a new identity provider in the farm named LiveIDSTS.

Change History

Date Description

July 16, 2012

Initial publication

Did you find this helpful?
(1500 characters remaining)
© 2013 Microsoft. All rights reserved.