Set-AdfsRelyingPartyTrust
Set-AdfsRelyingPartyTrust
Sets the properties of a relying party trust.
Syntaxe
Parameter Set: AllProperties
Set-AdfsRelyingPartyTrust [-ClaimsProviderName <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: Identifier
Set-AdfsRelyingPartyTrust -TargetIdentifier <String> [-AdditionalAuthenticationRules <String> ] [-AdditionalAuthenticationRulesFile <String> ] [-AdditionalWSFedEndpoint <String[]> ] [-AutoUpdateEnabled <Boolean> ] [-ClaimAccepted <ClaimDescription[]> ] [-DelegationAuthorizationRules <String> ] [-DelegationAuthorizationRulesFile <String> ] [-EnableJWT <Boolean> ] [-EncryptClaims <Boolean> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String[]> ] [-ImpersonationAuthorizationRules <String> ] [-ImpersonationAuthorizationRulesFile <String> ] [-IssuanceAuthorizationRules <String> ] [-IssuanceAuthorizationRulesFile <String> ] [-IssuanceTransformRules <String> ] [-IssuanceTransformRulesFile <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-NotBeforeSkew <Int32> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequestSigningCertificate <X509Certificate2[]> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SamlResponseSignature <String> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenLifetime <Int32> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: IdentifierName
Set-AdfsRelyingPartyTrust -TargetName <String> [-AdditionalAuthenticationRules <String> ] [-AdditionalAuthenticationRulesFile <String> ] [-AdditionalWSFedEndpoint <String[]> ] [-AutoUpdateEnabled <Boolean> ] [-ClaimAccepted <ClaimDescription[]> ] [-DelegationAuthorizationRules <String> ] [-DelegationAuthorizationRulesFile <String> ] [-EnableJWT <Boolean> ] [-EncryptClaims <Boolean> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String[]> ] [-ImpersonationAuthorizationRules <String> ] [-ImpersonationAuthorizationRulesFile <String> ] [-IssuanceAuthorizationRules <String> ] [-IssuanceAuthorizationRulesFile <String> ] [-IssuanceTransformRules <String> ] [-IssuanceTransformRulesFile <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-NotBeforeSkew <Int32> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequestSigningCertificate <X509Certificate2[]> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SamlResponseSignature <String> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenLifetime <Int32> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: IdentifierObject
Set-AdfsRelyingPartyTrust -TargetRelyingParty <RelyingPartyTrust> [-AdditionalAuthenticationRules <String> ] [-AdditionalAuthenticationRulesFile <String> ] [-AdditionalWSFedEndpoint <String[]> ] [-AutoUpdateEnabled <Boolean> ] [-ClaimAccepted <ClaimDescription[]> ] [-DelegationAuthorizationRules <String> ] [-DelegationAuthorizationRulesFile <String> ] [-EnableJWT <Boolean> ] [-EncryptClaims <Boolean> ] [-EncryptedNameIdRequired <Boolean> ] [-EncryptionCertificate <X509Certificate2> ] [-EncryptionCertificateRevocationCheck <String> ] [-Identifier <String[]> ] [-ImpersonationAuthorizationRules <String> ] [-ImpersonationAuthorizationRulesFile <String> ] [-IssuanceAuthorizationRules <String> ] [-IssuanceAuthorizationRulesFile <String> ] [-IssuanceTransformRules <String> ] [-IssuanceTransformRulesFile <String> ] [-MetadataUrl <Uri> ] [-MonitoringEnabled <Boolean> ] [-Name <String> ] [-NotBeforeSkew <Int32> ] [-Notes <String> ] [-PassThru] [-ProtocolProfile <String> ] [-RequestSigningCertificate <X509Certificate2[]> ] [-SamlEndpoint <SamlEndpoint[]> ] [-SamlResponseSignature <String> ] [-SignatureAlgorithm <String> ] [-SignedSamlRequestsRequired <Boolean> ] [-SigningCertificateRevocationCheck <String> ] [-TokenLifetime <Int32> ] [-WSFedEndpoint <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: MetadataFile
Set-AdfsRelyingPartyTrust [-ClaimsProviderName <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: MetadataUrl
Set-AdfsRelyingPartyTrust [-ClaimsProviderName <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Description détaillée
The Set-AdfsRelyingPartyTrust cmdlet configures the trust relationship with a specified relying party object.
Paramètres
-AdditionalAuthenticationRules<String>
Specifies the additional authorization rules to require additional authentication based on user, device and location attributes after the completion of the first step of authentication. Note: These rules must only be configured after there is at least one authentication provider enabled for additional authentication.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-AdditionalAuthenticationRulesFile<String>
Specifies a file that contains the additional authentication rules to require additional authentication when a user is attempting to access this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-AdditionalWSFedEndpoint<String[]>
Specifies an array of alternate return addresses for the application. This is typically used when the application wants to indicate to AD FS what the return URL should be on successful token generation. AD FS requires that all acceptable URLs are entered as trusted information by the administrator.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-AutoUpdateEnabled<Boolean>
Indicates whether changes to the federation metadata by the MetadataURL parameter apply automatically to the configuration of the trust relationship. If this parameter has a value of $True, partner claims, certificates, and endpoints are updated automatically.
Note: When auto-update is enabled, fields that can be overwritten by metadata become read only.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-ClaimAccepted<ClaimDescription[]>
Specifies an array of claims that this relying party accepts.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByValue) |
Accepter les caractères génériques ? |
false |
-ClaimsProviderName<String[]>
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-DelegationAuthorizationRules<String>
Specifies the delegation authorization rules for issuing claims to this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-DelegationAuthorizationRulesFile<String>
Specifies a file that contains the delegation authorization rules for issuing claims to this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-EnableJWT<Boolean>
Indicates whether the JSON Web Token (JWT) format should be used to issue a token on a WS-Federation request. By default, SAML tokens are issued over WS-Federation.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-EncryptClaims<Boolean>
Indicates whether the claims that are sent to the relying party should be encrypted.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-EncryptedNameIdRequired<Boolean>
Indicates whether the relying party requires that the NameID claim be encrypted.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-EncryptionCertificate<X509Certificate2>
Specifies the certificate to be used for encrypting claims that are issued to this relying party. Encrypting claims is optional.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-EncryptionCertificateRevocationCheck<String>
Specifies the type of validation that occurs for the encryption certificate before it is used for encrypting claims to the relying party. Les valeurs acceptables pour ce paramètre sont :
-- None
-- CheckEndCert
-- CheckEndCertCacheOnly
-- CheckChain
-- CheckChainCacheOnly
-- CheckChainExcludingRoot
-- CheckChainExcludingRootCacheOnly
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-Identifier<String[]>
Specifies an array of unique identifiers for this relying party trust. No other trust can use an identifier from this list. Uniform Resource Identifiers (URIs) are often used as unique identifiers for a relying party trust, but you can use any string of characters.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-ImpersonationAuthorizationRules<String>
Specifies the impersonation authorization rules for issuing claims to this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-ImpersonationAuthorizationRulesFile<String>
Specifies a file that containis the impersonation authorization rules for issuing claims to this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-IssuanceAuthorizationRules<String>
Specifies the issuance authorization rules for issuing claims to this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-IssuanceAuthorizationRulesFile<String>
Specifies a file that contains the issuance authorization rules for issuing claims to this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-IssuanceTransformRules<String>
Specifies the issuance transform rules for issuing claims to this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-IssuanceTransformRulesFile<String>
Specifies a file that contains the issuance transform rules for issuing claims to this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-MetadataUrl<Uri>
Specifies a URL at which the federation metadata for this relying party trust is available.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-MonitoringEnabled<Boolean>
Indicates whether periodic monitoring of this relying party federation metadata is enabled. The MetadataUrl parameter specifies the URL of the relying party's federation metadata.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-Name<String>
Specifies the friendly name of this relying party trust.
Note: You can use the Name parameter as an identifier for the object.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-NotBeforeSkew<Int32>
Specifies the skew, as in integer, for the time stamp that marks the beginning of the validity period. The higher this number is, the further back in time the validity period begins with respect to the time that the claims are issued for the relying party. By default, this value is 0. Specify a positive value if validation fails on the relying party because the validity period has not yet begun.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-Notes<String>
Specifies notes for this relying party trust.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-PassThru
Retourne un objet qui représente l’élément avec lequel vous travaillez. Par défaut, cette applet de commande ne génère aucun résultat.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-ProtocolProfile<String>
Specifies which protocol profiles the relying party supports. Les valeurs acceptables pour ce paramètre sont :SAML, WsFederation. By default, this parameter is blank, which indicates that both protocols are supported.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-RequestSigningCertificate<X509Certificate2[]>
Specifies an array of certificate that is used to verify the signature on a request from the relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByValue) |
Accepter les caractères génériques ? |
false |
-SamlEndpoint<SamlEndpoint[]>
Specifies an array of Security Assertion Markup Language (SAML) protocol endpoints for this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByValue) |
Accepter les caractères génériques ? |
false |
-SamlResponseSignature<String>
Specifies the response signatures that the relying party expects. Les valeurs acceptables pour ce paramètre sont : AssertionOnly, MessageAndAssertion, and MessageOnly.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-SignatureAlgorithm<String>
Specifies the signature algorithm that the relying party uses for signing and verification. Les valeurs acceptables pour ce paramètre sont :
http://www.w3.org/2000/09/xmldsig\#rsa-sha1
http://www.w3.org/2001/04/xmldsig-more\#rsa-sha256
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-SignedSamlRequestsRequired<Boolean>
Indicates whether the Federation Service requires signed SAML protocol requests from the relying party. If you specify a value of $True, the Federation Service rejects unsigned SAML protocol requests.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-SigningCertificateRevocationCheck<String>
Specifies the type of certificate validation that should occur when signatures on requests from the relying party are verified. Les valeurs acceptables pour ce paramètre sont :None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludingRoot, and CheckChainExcludingRootCacheOnly.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-TargetIdentifier<String>
Specifies the identifier of the relying party trust that is modified by the cmdlet.
Alias |
none |
Obligatoire ? |
true |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByValue) |
Accepter les caractères génériques ? |
false |
-TargetName<String>
Specifies the friendly name of the relying party trust that is modified by the cmdlet.
Alias |
none |
Obligatoire ? |
true |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByValue) |
Accepter les caractères génériques ? |
false |
-TargetRelyingParty<RelyingPartyTrust>
Specifies a RelyingPartyTrust object. The cmdlet modifies the relying party trust that you specify. To obtain a RelyingPartyTrust object, use the Get-AdfsRelyingPartyTrust cmdlet.
Alias |
none |
Obligatoire ? |
true |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByValue) |
Accepter les caractères génériques ? |
false |
-TokenLifetime<Int32>
Specifies the duration, in minutes, for which the claims that are issued to the relying party are valid.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-WSFedEndpoint<Uri>
Specifies the WS-Federation Passive URL for this relying party.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-Confirm
Votre confirmation sera requise avant l’exécution de l’applet de commande.
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
false |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-WhatIf
Présente les conséquences éventuelles de l’exécution de l’applet de commande. L’applet de commande n’est pas exécutée.
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
false |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
<CommonParameters>
Cette applet de commande prend en charge les paramètres courants : -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer et -OutVariable. Pour plus d’informations, consultez about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Entrées
Le type d’entrée correspond au type des objets que vous pouvez transmettre à l’applet de commande.
Microsoft.IdentityServer.PowerShell.Resources.RelyingPartyTrust
A class structure that represents a relying party trust.
Sorties
Le type de sortie est le type des objets émis par l’applet de commande.
- None
Remarques
- A relying party in services de fédération Active Directory (AD FS) 2.0 is an organization in which Web servers that host one or more Web-based applications reside. Tokens and Information Cards that originate from a claims provider can then be presented and ultimately accessed by the Web-based resources that are located in the relying party organization. When AD FS is configured in the role of the relying party, it acts as a partner that trusts a claims provider to authenticate users. Therefore, the relying party accesses the claims that are packaged in security tokens that come from users in the claims provider. In other words, a relying party is the organization whose Web servers are protected by the resource-side federation server. The federation server in the relying party uses the security tokens that the claims provider produces to issue tokens to the Web servers that are located in the relying party.
Exemples
Example 1: Set the name and identifier for a relying party trust
This command sets the name and identifier for the specified relying party trust.
PS C:\> Set-AdfsRelyingPartyTrust -TargetName "FabrikamApp" -Identifier "http://FabrikamApp.CentralServerNew.org"
Example 2: Set the target identifier for a relying party trust
This command sets the target identifier for the specified relying party trust.
PS C:\> Set-AdfsRelyingPartyTrust -TargetIdentifier "http://FabrikamApp.CentralServer.org" -Identifier "http://FabrikamApp.CentralServerNew.org"