ADFederationService

[This documentation is preliminary and is subject to change.]

The ADFederationService object can be used to manage Active Directory Federation Services (ADFS) support. ADFS is a component, available beginning with Windows Server 2003 R2, that enables a user to access multiple Web applications during the life of a single online session. Using ADFS, organizations can share user identity within an organization and across federated organizations so that the users can access ADFS-configured resources. If ADFS is installed and enabled, an AD RMS server can grant content access to federated users. You can retrieve this object by calling the ADFederationService property on the TrustPolicy object.

Methods

The ADFederationService object does not define any methods.

Properties

The ADFederationService object has the following properties.

Property                            Description
Enabled                             Specifies or retrieves a Boolean value that indicates whether ADFS trust is enabled.
IsProxyEmailAddressesAllowed        Specifies or retrieves a Boolean value that indicates whether proxy e-mail addresses can be used to identify users.
IsSupported                         Retrieves a Boolean value that specifies whether the Active Directory Federation Services (ADFS) component and the external and internal certification services are installed.
RightsAccountCertificateRequestUrl  Specifies or retrieves the URL of a Web site from which a rights account certificate for a federated user can be requested.
ValidityPeriodInDays                Specifies or retrieves the number of days for which a rights account certificate is valid.

Example Code [VBScript]

DIM config_manager
DIM admin_role

' Entry point. The procedures called here are defined below.
CALL InitObject()
CALL SetADFS()

' *******************************************************************
' Create and initialize a ConfigurationManager object.

SUB InitObject()

  ' Continue after a failure so that CheckError() can report it.
  ON ERROR RESUME NEXT

  CALL WScript.Echo( "Create ConfigurationManager object...")
  SET config_manager = CreateObject _
    ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")      
  CheckError()
    
  CALL WScript.Echo( "Initialize...")
  admin_role=config_manager.Initialize(false,"localhost",80,"","","")
  CheckError()

END SUB

' *******************************************************************
' Specify ADFS information.

SUB SetADFS()

  ' Continue after a failure so that CheckError() can report it.
  ON ERROR RESUME NEXT

  DIM objADFS

  SET objADFS = _
    config_manager.Enterprise.TrustPolicy.ADFederationService
  CheckError()
        
  IF objADFS.IsSupported = TRUE THEN
    objADFS.Enabled = true
    CheckError()

    objADFS.ValidityPeriodInDays = 10
    CheckError()

    objADFS.RightsAccountCertificateRequestUrl = _
        "https://www.example.com"
    CheckError()

    objADFS.IsProxyEmailAddressesAllowed = TRUE
    CheckError()
  END IF

END SUB

' *******************************************************************
' Error checking function.

FUNCTION CheckError()
  CheckError = Err.number
  IF Err.number <> 0 THEN
    CALL WScript.Echo( vbTab & "*****Error Number: " _
                       & Err.number _
                       & " Desc:" _
                       & Err.Description _
                       & "*****")
    WScript.StdErr.Write(Err.Description)
    WScript.Quit( Err.number )
  END IF
END FUNCTION

' *******************************************************************
' Generate a runtime error.

SUB RaiseError(errId, desc)
  ' Continue after Err.Raise so that CheckError() can report the error.
  ON ERROR RESUME NEXT
  CALL Err.Raise( errId, "", desc )
  CheckError()
END SUB
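
A read-only companion to the sample above, added here as an example and not part of the original documentation: it reads the same ADFederationService properties and lists the settings that deserve a second look. The MAX_RAC_DAYS ceiling, the HTTPS expectation and the Flag helper are assumptions of this example.

```vbscript
OPTION EXPLICIT

' Added example: read-only review of the ADFS trust settings on an AD RMS server.
' MAX_RAC_DAYS is an assumed local policy ceiling, not an AD RMS default.
CONST MAX_RAC_DAYS = 30

DIM cm, adfs, url, findings
findings = 0

SET cm = CreateObject( _
  "Microsoft.RightsManagementServices.Admin.ConfigurationManager")
' Same Initialize arguments as the sample above; the returned role is not used.
CALL cm.Initialize(false, "localhost", 80, "", "", "")
SET adfs = cm.Enterprise.TrustPolicy.ADFederationService

IF NOT adfs.IsSupported THEN
  WScript.Echo "ADFS components are not installed; nothing to review."
  WScript.Quit 0
END IF

IF NOT adfs.Enabled THEN
  WScript.Echo "ADFS trust is disabled."
  WScript.Quit 0
END IF

WScript.Echo "ADFS trust is enabled. Current settings:"
url = adfs.RightsAccountCertificateRequestUrl
WScript.Echo "  RightsAccountCertificateRequestUrl = " & url
WScript.Echo "  ValidityPeriodInDays               = " & adfs.ValidityPeriodInDays
WScript.Echo "  IsProxyEmailAddressesAllowed       = " & adfs.IsProxyEmailAddressesAllowed

' Assumed policy checks: HTTPS request URL, bounded validity, no proxy addresses.
IF LCase(Left(url, 8)) <> "https://" THEN
  Flag "rights account certificate request URL is not HTTPS"
END IF
IF adfs.ValidityPeriodInDays > MAX_RAC_DAYS THEN
  Flag "certificate validity exceeds " & MAX_RAC_DAYS & " days"
END IF
IF adfs.IsProxyEmailAddressesAllowed THEN
  Flag "proxy e-mail addresses are accepted as user identifiers"
END IF

WScript.Echo findings & " item(s) to review."
WScript.Quit findings

' Hypothetical helper: count and print one finding.
SUB Flag(msg)
  findings = findings + 1
  WScript.Echo "REVIEW: " & msg
END SUB
```

Run it with cscript.exe on the AD RMS server; the exit code is the number of flagged items.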

Requirements

Product  Requires Windows Server "Longhorn".
Library  Use Microsoft.RightsManagementServices.Admin.dll registered as a custom type library.

See Also

Active Directory Rights Management Services Scripting API