Add-AdfsWebApiApplication

Adds a Web API application role to an application in AD FS.

Syntax

Add-AdfsWebApiApplication
   [-ApplicationGroup] <ApplicationGroup>
   [-AccessControlPolicyName <String>]
   [-AccessControlPolicyParameters <Object>]
   [-AdditionalAuthenticationRules <String>]
   [-AdditionalAuthenticationRulesFile <String>]
   [-AllowedAuthenticationClassReferences <String[]>]
   [-AllowedClientTypes <AllowedClientTypes>]
   [-AlwaysRequireAuthentication]
   [-ClaimsProviderName <String[]>]
   [-Confirm]
   [-DelegationAuthorizationRules <String>]
   [-DelegationAuthorizationRulesFile <String>]
   [-Description <String>]
   -Identifier <String[]>
   [-ImpersonationAuthorizationRules <String>]
   [-ImpersonationAuthorizationRulesFile <String>]
   [-IssuanceAuthorizationRules <String>]
   [-IssuanceAuthorizationRulesFile <String>]
   [-IssuanceTransformRules <String>]
   [-IssuanceTransformRulesFile <String>]
   [-IssueOAuthRefreshTokensTo <RefreshTokenIssuanceDeviceTypes>]
   -Name <String>
   [-NotBeforeSkew <Int32>]
   [-PassThru]
   [-RefreshTokenProtectionEnabled <Boolean>]
   [-RequestMFAFromClaimsProviders]
   [-TokenLifetime <Int32>]
   [-WhatIf]
   [<CommonParameters>]
Add-AdfsWebApiApplication
   [-ApplicationGroupIdentifier] <String>
   [-AccessControlPolicyName <String>]
   [-AccessControlPolicyParameters <Object>]
   [-AdditionalAuthenticationRules <String>]
   [-AdditionalAuthenticationRulesFile <String>]
   [-AllowedAuthenticationClassReferences <String[]>]
   [-AllowedClientTypes <AllowedClientTypes>]
   [-AlwaysRequireAuthentication]
   [-ClaimsProviderName <String[]>]
   [-Confirm]
   [-DelegationAuthorizationRules <String>]
   [-DelegationAuthorizationRulesFile <String>]
   [-Description <String>]
   -Identifier <String[]>
   [-ImpersonationAuthorizationRules <String>]
   [-ImpersonationAuthorizationRulesFile <String>]
   [-IssuanceAuthorizationRules <String>]
   [-IssuanceAuthorizationRulesFile <String>]
   [-IssuanceTransformRules <String>]
   [-IssuanceTransformRulesFile <String>]
   [-IssueOAuthRefreshTokensTo <RefreshTokenIssuanceDeviceTypes>]
   -Name <String>
   [-NotBeforeSkew <Int32>]
   [-PassThru]
   [-RefreshTokenProtectionEnabled <Boolean>]
   [-RequestMFAFromClaimsProviders]
   [-TokenLifetime <Int32>]
   [-WhatIf]
   [<CommonParameters>]

Description

The Add-AdfsWebApiApplication cmdlet adds a Web API application role to an application in Active Directory Federation Services (AD FS).

Required Parameters

-ApplicationGroup

Specifies an application group.

Type:ApplicationGroup
Position:0
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-ApplicationGroupIdentifier

Specifies the ID of an application group.

Type:String
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-Identifier

Specifies an array of identifiers.

Type:String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Name

Specifies a name.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-AccessControlPolicyName

Specifies the name of an access control policy.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-AccessControlPolicyParameters

Specifies the parameters of an access control policy.

Type:Object
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-AdditionalAuthenticationRules

Specifies additional authentication rules.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-AdditionalAuthenticationRulesFile

Specifies a file that contains all the rules for additional authentication for this relying party.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowedAuthenticationClassReferences

Specifies an array of allow authentication class references.

Type:String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowedClientTypes

Specifies allowed client types. The acceptable values for this parameter are:

  • None
  • Public
  • Confidential
Type:AllowedClientTypes
Parameter Sets:None, Public, Confidential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AlwaysRequireAuthentication

Indicates that this Web API application role always requires authentication, even if it previously authenticated credentials for access. Specify this parameter to require users to always supply credentials to access sensitive resources.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ClaimsProviderName

Specifies an array of claims provider names that you can configure for a relying party trust for Home Realm Discovery (HRD) scenario.

If claims provider names are specified for a relying party, the home realm discovery page shows only those claims providers for this relying party. If only one claims provider name is specified, home realm discovery page is not shown. The user is redirected to this claims provider for authentication.

Type:String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-DelegationAuthorizationRules

Specifies delegation authorization rules.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-DelegationAuthorizationRulesFile

Specifies a file that contains all the rules for delegation authentication for this relying party.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Description

Specifies a description.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ImpersonationAuthorizationRules

Specifies the impersonation authorization rules.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ImpersonationAuthorizationRulesFile

Specifies a file that contains all the rules for impersonation authentication for this relying party.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IssuanceAuthorizationRules

Specifies the issuance authorization rules.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-IssuanceAuthorizationRulesFile

Specifies a file that contains all the rules for issuance authentication for this relying party.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IssuanceTransformRules

Specifies the issuance transform rules.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-IssuanceTransformRulesFile

Specifies a file that contains all the rules for issuance transform for this relying party.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IssueOAuthRefreshTokensTo

Specifies the refresh token issuance device types. The acceptable values for this parameter are:

  • NoDevice
  • WorkplaceJoinedDevices
  • AllDevices
Type:RefreshTokenIssuanceDeviceTypes
Parameter Sets:NoDevice, WorkplaceJoinedDevices, AllDevices
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-NotBeforeSkew

Specifies the not before skew value.

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RefreshTokenProtectionEnabled

Indicates whether refresh token protection is enabled.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RequestMFAFromClaimsProviders

Indicates that the request MFA from claims providers option is used.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-TokenLifetime

Specifies the token lifetime.

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Outputs

Microsoft.IdentityServer.Management.Resources.WebApiApplication

AccessControlPolicyName               string
AccessControlPolicyParameters         System.Object
AdditionalAuthenticationRules         string
AllowedAuthenticationClassReferences  string[]
AllowedClientTypes                    Microsoft.IdentityServer.Protocols.PolicyStore.AllowedClientTypes
AlwaysRequireAuthentication           bool
ApplicationGroupId                    string
ApplicationGroupIdentifier            string
ClaimsProviderName                    string[]
DelegationAuthorizationRules          string
Description                           string
Enabled                               bool
Identifier                            System.Collections.ObjectModel.ReadOnlyCollection[string]
ImpersonationAuthorizationRules       string
IssuanceAuthorizationRules            string
IssuanceTransformRules                string
IssueOAuthRefreshTokensTo             Microsoft.IdentityServer.Protocols.PolicyStore.RefreshTokenIssuanceDeviceTypes
Name                                  string
NotBeforeSkew                         int
PublishedThroughProxy                 bool
RefreshTokenProtectionEnabled         bool
RequestMFAFromClaimsProviders         bool
ResultantPolicy                       Microsoft.IdentityServer.PolicyModel.Configuration.PolicyTemplate.PolicyMetadata
TokenLifetime                         int

Outputs

Microsoft.IdentityServer.Protocols.PolicyStore.AllowedClientTypes

AllowedClientTypes
{
  None = 0,
  Public = 2,
  Confidential=4,
}

Outputs

Microsoft.IdentityServer.Protocols.PolicyStore.RefreshTokenIssuanceDeviceTypes

RefreshTokenIssuanceDeviceTypes
{
  NoDevice = 0,
  WorkplaceJoinedDevices = 1,
  AllDevices = 2
}

Outputs

Microsoft.IdentityServer.PolicyModel.Configuration.PolicyTemplate.PolicyMetadata

IsParameterized  bool
Summary          string
Serialized       string