Add-AdfsWebApiApplication

Adds a Web API application role to an application in AD FS.

Syntax

Add-AdfsWebApiApplication
   [-ApplicationGroupIdentifier] <String>
   -Name <String>
   -Identifier <String[]>
   [-AllowedAuthenticationClassReferences <String[]>]
   [-ClaimsProviderName <String[]>]
   [-IssuanceAuthorizationRules <String>]
   [-IssuanceAuthorizationRulesFile <String>]
   [-DelegationAuthorizationRules <String>]
   [-DelegationAuthorizationRulesFile <String>]
   [-ImpersonationAuthorizationRules <String>]
   [-ImpersonationAuthorizationRulesFile <String>]
   [-IssuanceTransformRules <String>]
   [-IssuanceTransformRulesFile <String>]
   [-AdditionalAuthenticationRules <String>]
   [-AdditionalAuthenticationRulesFile <String>]
   [-AccessControlPolicyName <String>]
   [-AccessControlPolicyParameters <Object>]
   [-NotBeforeSkew <Int32>]
   [-Description <String>]
   [-TokenLifetime <Int32>]
   [-AlwaysRequireAuthentication]
   [-AllowedClientTypes <AllowedClientTypes>]
   [-IssueOAuthRefreshTokensTo <RefreshTokenIssuanceDeviceTypes>]
   [-RefreshTokenProtectionEnabled <Boolean>]
   [-RequestMFAFromClaimsProviders]
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-AdfsWebApiApplication
   [-ApplicationGroup] <ApplicationGroup>
   -Name <String>
   -Identifier <String[]>
   [-AllowedAuthenticationClassReferences <String[]>]
   [-ClaimsProviderName <String[]>]
   [-IssuanceAuthorizationRules <String>]
   [-IssuanceAuthorizationRulesFile <String>]
   [-DelegationAuthorizationRules <String>]
   [-DelegationAuthorizationRulesFile <String>]
   [-ImpersonationAuthorizationRules <String>]
   [-ImpersonationAuthorizationRulesFile <String>]
   [-IssuanceTransformRules <String>]
   [-IssuanceTransformRulesFile <String>]
   [-AdditionalAuthenticationRules <String>]
   [-AdditionalAuthenticationRulesFile <String>]
   [-AccessControlPolicyName <String>]
   [-AccessControlPolicyParameters <Object>]
   [-NotBeforeSkew <Int32>]
   [-Description <String>]
   [-TokenLifetime <Int32>]
   [-AlwaysRequireAuthentication]
   [-AllowedClientTypes <AllowedClientTypes>]
   [-IssueOAuthRefreshTokensTo <RefreshTokenIssuanceDeviceTypes>]
   [-RefreshTokenProtectionEnabled <Boolean>]
   [-RequestMFAFromClaimsProviders]
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Add-AdfsWebApiApplication cmdlet adds a Web API application role to an application in Active Directory Federation Services (AD FS).

Parameters

-AccessControlPolicyName

Specifies the name of an access control policy.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AccessControlPolicyParameters

Specifies the parameters of an access control policy.

Type:Object
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AdditionalAuthenticationRules

Specifies additional authentication rules.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AdditionalAuthenticationRulesFile

Specifies a file that contains all the rules for additional authentication for this relying party.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedAuthenticationClassReferences

Specifies an array of allow authentication class references.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedClientTypes

Specifies allowed client types. The acceptable values for this parameter are:

  • None
  • Public
  • Confidential
Type:AllowedClientTypes
Accepted values:None, Public, Confidential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AlwaysRequireAuthentication

Indicates that this Web API application role always requires authentication, even if it previously authenticated credentials for access. Specify this parameter to require users to always supply credentials to access sensitive resources.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ApplicationGroup

Specifies an application group.

Type:ApplicationGroup
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ApplicationGroupIdentifier

Specifies the ID of an application group.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ClaimsProviderName

Specifies an array of claims provider names that you can configure for a relying party trust for Home Realm Discovery (HRD) scenario.

If claims provider names are specified for a relying party, the home realm discovery page shows only those claims providers for this relying party. If only one claims provider name is specified, home realm discovery page is not shown. The user is redirected to this claims provider for authentication.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DelegationAuthorizationRules

Specifies delegation authorization rules.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DelegationAuthorizationRulesFile

Specifies a file that contains all the rules for delegation authentication for this relying party.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

Specifies a description.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Identifier

Specifies an array of identifiers.

Type:String[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ImpersonationAuthorizationRules

Specifies the impersonation authorization rules.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ImpersonationAuthorizationRulesFile

Specifies a file that contains all the rules for impersonation authentication for this relying party.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IssuanceAuthorizationRules

Specifies the issuance authorization rules.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-IssuanceAuthorizationRulesFile

Specifies a file that contains all the rules for issuance authentication for this relying party.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IssuanceTransformRules

Specifies the issuance transform rules.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-IssuanceTransformRulesFile

Specifies a file that contains all the rules for issuance transform for this relying party.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IssueOAuthRefreshTokensTo

Specifies the refresh token issuance device types. The acceptable values for this parameter are:

  • NoDevice
  • WorkplaceJoinedDevices
  • AllDevices
Type:RefreshTokenIssuanceDeviceTypes
Accepted values:NoDevice, WorkplaceJoinedDevices, AllDevices
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies a name.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-NotBeforeSkew

Specifies the not before skew value.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RefreshTokenProtectionEnabled

Indicates whether refresh token protection is enabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequestMFAFromClaimsProviders

Indicates that the request MFA from claims providers option is used.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-TokenLifetime

Specifies the token lifetime.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

String objects are received by the AccessControlPolicyName, AdditionalAuthenticationRules, ApplicationGroupIdentifier, DelegationAuthorizationRules, ImpersonationAuthorizationRules, IssuanceAuthorizationRules, and IssuanceTransformRules parameters.

Object

Objects are received by the AccessControlPolicyParameters parameter.

SwitchParameter

SwitchParameter objects are received by the AlwaysRequireAuthentication and RequestMFAFromClaimsProviders parameters.

ApplicationGroup

ApplicationGroup objects are received by the ApplicationGroup parameter.

Outputs

WebApiApplication

Returns the new WebApiApplication object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.