ADFederationService
[This documentation is preliminary and is subject to change.]
The ADFederationService object can be used to manage Active Directory Federation Services (ADFS) support. ADFS is a component available beginning with Windows Server 2003 R2 that enables a user to access multiple Web applications during the life of a single online session. Using ADFS, organizations can share user identity within an organization and across federated organizations so that the users can access ADFS-configured resources. If ADFS is installed and enabled, an AD RMS server can grant content access to federated users. You can retrieve this object by calling the ADFederationService property on the TrustPolicy object.
Methods
The ADFederationService object does not define any methods.
Properties
The ADFederationService object has the following properties.
| Property | Description |
|---|---|
| Enabled | Specifies or retrieves a Boolean value that indicates whether ADFS trust is enabled. |
| IsProxyEmailAddressesAllowed | Specifies or retrieves a Boolean value that indicates whether proxy e-mail addresses can be used to identify users. |
| IsSupported | Retrieves a Boolean value that specifies whether the Active Directory Federation Services (ADFS) component and the external and internal certification services are installed. |
| RightsAccountCertificateRequestUrl | Specifies or retrieves the URL of a Web site from which a rights account certificate for a federated user can be requested. |
| ValidityPeriodInDays | Specifies or retrieves the number of days for which a rights account certificate is valid. |
Example Code [VBScript]
```vbscript
DIM config_manager
DIM admin_role

' *******************************************************************
' Create and initialize a ConfigurationManager object.
SUB InitObject()
    ' Without this, a runtime error leaves the SUB before CheckError runs.
    ON ERROR RESUME NEXT
    CALL WScript.Echo( "Create ConfigurationManager object...")
    SET config_manager = CreateObject _
        ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")
    CheckError()
    CALL WScript.Echo( "Initialize...")
    admin_role=config_manager.Initialize(false,"localhost",80,"","","")
    CheckError()
END SUB

' *******************************************************************
' Specify ADFS information.
SUB SetADFS()
    ON ERROR RESUME NEXT
    DIM objADFS
    SET objADFS = _
        config_manager.Enterprise.TrustPolicy.ADFederationService
    CheckError()
    ' Only change the settings when the ADFS component is installed.
    IF objADFS.IsSupported = TRUE THEN
        objADFS.Enabled = true
        CheckError()
        objADFS.ValidityPeriodInDays = 10
        CheckError()
        objADFS.RightsAccountCertificateRequestUrl = _
            "https://www.example.com"
        CheckError()
        objADFS.IsProxyEmailAddressesAllowed = TRUE
        CheckError()
    END IF
END SUB

' *******************************************************************
' Error checking function. Reports the pending error, if any, and
' exits the script with the error number.
FUNCTION CheckError()
    CheckError = Err.number
    IF Err.number <> 0 THEN
        CALL WScript.Echo( vbTab & "*****Error Number: " _
            & Err.number _
            & " Desc:" _
            & Err.Description _
            & "*****")
        WScript.StdErr.Write(Err.Description)
        WScript.Quit( Err.number )
    END IF
END FUNCTION

' *******************************************************************
' Generate a runtime error.
SUB RaiseError(errId, desc)
    ON ERROR RESUME NEXT
    CALL Err.Raise( errId, "", desc )
    CheckError()
END SUB

' *******************************************************************
' Entry point: connect to the server, then apply the ADFS settings.
CALL InitObject()
CALL SetADFS()
```
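The sample above writes the ADFS trust settings. As an added example (not part of the original documentation), the following read-only script reports the same properties and counts the ones an administrator may want to review. The AuditADFS function and the MAX_VALIDITY_DAYS threshold are hypothetical names and values chosen for illustration, and the connection arguments are copied from the sample above.

```vbscript
Option Explicit
' Added example: read-only review of the ADFS trust settings.
' MAX_VALIDITY_DAYS is an assumed local policy value, not an AD RMS default.
Const MAX_VALIDITY_DAYS = 30

Dim config_manager, findings
Set config_manager = CreateObject( _
    "Microsoft.RightsManagementServices.Admin.ConfigurationManager")
' Same connection arguments as the sample above.
Call config_manager.Initialize(False, "localhost", 80, "", "", "")

findings = AuditADFS(config_manager.Enterprise.TrustPolicy.ADFederationService)
WScript.Echo findings & " setting(s) to review"
WScript.Quit findings

' Echoes each property and returns the number of settings flagged.
Function AuditADFS(objADFS)
    Dim count, url
    count = 0
    AuditADFS = 0
    WScript.Echo "IsSupported: " & objADFS.IsSupported
    ' Like the sample above, touch the other properties only when supported.
    If Not objADFS.IsSupported Then Exit Function
    WScript.Echo "Enabled: " & objADFS.Enabled
    ' A disabled trust grants nothing to federated users.
    If Not objADFS.Enabled Then Exit Function

    If objADFS.IsProxyEmailAddressesAllowed Then
        WScript.Echo "REVIEW: proxy e-mail addresses can identify users"
        count = count + 1
    End If

    url = objADFS.RightsAccountCertificateRequestUrl
    If LCase(Left(url, 8)) <> "https://" Then
        WScript.Echo "REVIEW: certificate request URL is not HTTPS: " & url
        count = count + 1
    End If

    If objADFS.ValidityPeriodInDays > MAX_VALIDITY_DAYS Then
        WScript.Echo "REVIEW: rights account certificate validity is " & _
            objADFS.ValidityPeriodInDays & " days"
        count = count + 1
    End If
    AuditADFS = count
End Function
```

The script changes nothing on the server; its exit code is the number of flagged settings, so it can be run on a schedule and compared against an expected value of 0.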
Requirements
| Product | Requires Windows Server "Longhorn". |
| Library | Use Microsoft.RightsManagementServices.Admin.dll registered as a custom type library. |