2.2.2.4 Configuration
This is a JSON object containing information about the AD FS service. The format of the object is as follows:
-
{
  "ServiceConfiguration" : {
    "ServiceHostName" : "<service-host-name>",
    "HttpPort" : <http-port-number>,
    "HttpsPort" : <https-port-number>,
    "HttpsPortForUserTlsAuth" : <user-TLS-port-number>,
    "DeviceCertificateIssuers" : [ "<device-certificate-issuer>", * ],
    "ProxyTrustCertificateLifetime" : <trust-renewal-interval>,
    "DiscoveredUpnSuffixes" : [ "<upn-suffix>", * ],
    "CustomUpnSuffixes" : [ "<upn-suffix>", * ],
    "ServiceHostNameForUserTlsAuth" : "<service-host-name-for-user-tls-auth>"
  },
  "EndpointConfiguration" : [
    {
      "Path" : "<endpoint-uri>",
      "PortType" : "<port-type>",
      "AuthenticationSchemes" : "<credential-collection-scheme>",
      "ClientCertificateQueryMode" : "<tls-query-behavior>",
      "CertificateValidation" : "<certificate-validation>",
      "SupportsNtlm" : "<support-ntlm>",
      "ServicePath" : "<service-endpoint-uri>",
      "ServicePortType" : "<service-port-type>"
    }, *
  ],
  "FarmBehavior" : "<farm-behavior-version-number>",
  "IgnoreTokenBinding" : "<ignore-token-binding>",
  "UpdatedFarmBehaviorLevel" : "<updated-farm-behavior-level>"
}
service-host-name: Host name of the AD FS service.
service-host-name-for-user-tls-auth: (Optional) Alternate hostname of the AD FS service that implements the endpoint used to authenticate the user using Transport Layer Security (TLS) authentication.<3>
http-port-number: Port number for endpoints listening on HTTP.
https-port-number: Port number for endpoints listening on HTTPS.
user-tls-port-number: Port number for user TLS authentication endpoints.
device-certificate-issuer: Base64-encoded ([RFC4648] section 4) X.509 certificate [RFC4158].
trust-renewal-interval: Hint for proxy certificate lifetime.
upn-suffix: Possible User Principal Name (UPN) suffixes for principals that can be preauthorized.
endpoint-uri: URI of endpoint.
port-type: Port Type (section 2.2.2.12) for endpoint.
credential-collection-scheme: Credential Collection Scheme (section 2.2.2.13) for endpoint.
tls-query-behavior: TLS Query Behavior (section 2.2.2.14) for endpoint.
certificate-validation: Certificate Validation (section 2.2.2.15) for endpoint.
support-ntlm: Boolean value that indicates whether the client supports NTLM authentication for SPNEGO-based HTTP authentication [RFC4559].
service-endpoint-uri: URI of endpoint on server. This URI is relative to service-host-name.
service-port-type: Port Type (section 2.2.2.12) for corresponding endpoint on server.
farm-behavior-version-number: (Optional) The following table shows the values of farm-behavior-version-number corresponding to the ad_fs_behavior_level setting ([MS-OAPX] section 3.2.1.1) on the server.<4>
-
ad_fs_behavior_level      farm-behavior-version-number
AD_FS_BEHAVIOR_LEVEL_1    "6.3"
AD_FS_BEHAVIOR_LEVEL_2    "10.0"
AD_FS_BEHAVIOR_LEVEL_3    "10.0"
AD_FS_BEHAVIOR_LEVEL_4    "10.0"
-
If this value is not specified, the value of "6.3" is assumed.
ignore-token-binding: (Optional) A Boolean attribute on the server indicating that token binding information [IETFDRAFT-TOKBND] is not to be retrieved from http.sys for a request and is to be ignored in any existing tokens. The default is true.<5>
updated-farm-behavior-level: (Optional) An integer attribute on the server that specifies the forward-compatible AD FS farm behavior level. Note that this is different from the farm-behavior-version-number field. This value corresponds directly to the ad_fs_behavior_level setting on the server ([MS-OAPX] section 3.2.1.1).<6>
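The following Python program is an added example, not part of [MS-ADFSPIP] or of any AD FS or Web Application Proxy component. It parses a constructed Configuration object of the shape described above, checks that every non-optional field is present, applies the two defaults the text states (FarmBehavior defaults to "6.3" and IgnoreTokenBinding defaults to true), decodes each DeviceCertificateIssuers entry from base64 and checks that the result at least has the outer DER SEQUENCE tag an X.509 certificate must start with, and reproduces the ad_fs_behavior_level table as a lookup. The sample hostnames, ports, endpoint values and the "MAMCAQA=" issuer entry are constructed placeholders (the issuer entry is a five-byte DER stub, not a certificate); the endpoint enumeration values are treated as opaque strings because their permitted values live in sections 2.2.2.12 to 2.2.2.15, not on this page. Because the template quotes the Boolean and integer fields, the parser accepts both native JSON values and their quoted forms, and rejects anything else rather than guessing.

```python
import base64
import json
from typing import Any, Dict, Iterable

# ad_fs_behavior_level -> farm-behavior-version-number, as in the table above.
FARM_BEHAVIOR_BY_LEVEL: Dict[int, str] = {1: "6.3", 2: "10.0", 3: "10.0", 4: "10.0"}
DEFAULT_FARM_BEHAVIOR = "6.3"        # assumed when FarmBehavior is absent
DEFAULT_IGNORE_TOKEN_BINDING = True  # assumed when IgnoreTokenBinding is absent

REQUIRED_SERVICE_FIELDS = (
    "ServiceHostName", "HttpPort", "HttpsPort", "HttpsPortForUserTlsAuth",
    "DeviceCertificateIssuers", "ProxyTrustCertificateLifetime",
    "DiscoveredUpnSuffixes", "CustomUpnSuffixes",
)
REQUIRED_ENDPOINT_FIELDS = (
    "Path", "PortType", "AuthenticationSchemes", "ClientCertificateQueryMode",
    "CertificateValidation", "SupportsNtlm", "ServicePath", "ServicePortType",
)

# Constructed sample object (hypothetical names and values, not from any deployment).
SAMPLE_CONFIGURATION = json.dumps({
    "ServiceConfiguration": {
        "ServiceHostName": "adfs.example.test",
        "HttpPort": 80, "HttpsPort": 443, "HttpsPortForUserTlsAuth": 49443,
        "DeviceCertificateIssuers": ["MAMCAQA="],  # constructed DER stub, not a certificate
        "ProxyTrustCertificateLifetime": 21600,
        "DiscoveredUpnSuffixes": ["example.test"],
        "CustomUpnSuffixes": ["corp.example.test"],
        "ServiceHostNameForUserTlsAuth": "certauth.adfs.example.test",
    },
    "EndpointConfiguration": [{
        "Path": "/adfs/ls/", "PortType": "HttpsPort", "AuthenticationSchemes": "Anonymous",
        "ClientCertificateQueryMode": "None", "CertificateValidation": "None",
        "SupportsNtlm": "false", "ServicePath": "/adfs/ls/", "ServicePortType": "HttpsPort",
    }],
    "IgnoreTokenBinding": "false",  # FarmBehavior deliberately omitted: default "6.3" applies
    "UpdatedFarmBehaviorLevel": "3",
})


def farm_behavior_for_level(level: int) -> str:
    """Return the FarmBehavior string a server at the given ad_fs_behavior_level reports."""
    if level not in FARM_BEHAVIOR_BY_LEVEL:
        raise ValueError(f"unknown ad_fs_behavior_level {level}")
    return FARM_BEHAVIOR_BY_LEVEL[level]


def parse_bool(value: Any, name: str) -> bool:
    """Accept a JSON boolean or the quoted strings "true"/"false"; reject anything else."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"{name}: expected a boolean, got {value!r}")


def decode_issuer(b64: str) -> bytes:
    """Decode one DeviceCertificateIssuers entry; a certificate is DER whose first tag is SEQUENCE (0x30)."""
    der = base64.b64decode(b64, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("DeviceCertificateIssuers entry is not a DER-encoded certificate")
    return der


def _require(obj: Dict[str, Any], fields: Iterable[str], where: str) -> None:
    missing = [f for f in fields if f not in obj]
    if missing:
        raise ValueError(f"{where}: missing field(s) {missing}")


def parse_configuration(text: str) -> Dict[str, Any]:
    """Parse a Configuration object into normalized values, applying the stated defaults."""
    doc = json.loads(text)
    svc = doc.get("ServiceConfiguration")
    if not isinstance(svc, dict):
        raise ValueError("ServiceConfiguration missing or not an object")
    _require(svc, REQUIRED_SERVICE_FIELDS, "ServiceConfiguration")
    endpoints = []
    for i, ep in enumerate(doc.get("EndpointConfiguration", [])):
        _require(ep, REQUIRED_ENDPOINT_FIELDS, f"EndpointConfiguration[{i}]")
        ep = dict(ep)
        ep["SupportsNtlm"] = parse_bool(ep["SupportsNtlm"], "SupportsNtlm")
        endpoints.append(ep)
    level = doc.get("UpdatedFarmBehaviorLevel")
    return {
        "service_host_name": svc["ServiceHostName"],
        "ports": {k: int(svc[k]) for k in ("HttpPort", "HttpsPort", "HttpsPortForUserTlsAuth")},
        "device_certificate_issuers": [decode_issuer(c) for c in svc["DeviceCertificateIssuers"]],
        "upn_suffixes": list(svc["DiscoveredUpnSuffixes"]) + list(svc["CustomUpnSuffixes"]),
        "endpoints": endpoints,
        "farm_behavior": doc.get("FarmBehavior", DEFAULT_FARM_BEHAVIOR),
        "ignore_token_binding": parse_bool(
            doc.get("IgnoreTokenBinding", DEFAULT_IGNORE_TOKEN_BINDING), "IgnoreTokenBinding"),
        "updated_farm_behavior_level": None if level is None else int(level),
    }


def is_valid_configuration(text: str) -> bool:
    """True if the object parses and passes every check above."""
    try:
        parse_configuration(text)
        return True
    except (ValueError, TypeError):
        return False


if __name__ == "__main__":
    print(json.dumps({k: v for k, v in parse_configuration(SAMPLE_CONFIGURATION).items()
                      if k != "device_certificate_issuers"}, indent=2))
```

Rejecting malformed Boolean and issuer values instead of coercing them matters on the proxy side: the DeviceCertificateIssuers list is what device-certificate validation later trusts, and a silently mis-parsed IgnoreTokenBinding would change whether token binding information is honoured for every request that follows.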