Add-Adfs
Syntax
Add-AdfsServerApplication
[-ApplicationGroupIdentifier] <String>
[-Name] <String>
[-Identifier] <String>
[[-RedirectUri] <String[]>]
[-Description <String>]
[-ADUserPrincipalName <String>]
[-JWTSigningCertificate <X509Certificate2[]>]
[-JWTSigningCertificateRevocationCheck <RevocationSetting>]
[-JWKSUri <Uri>]
[-LogoutUri <String>]
[-JWKSFile <String>]
[-GenerateClientSecret]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Add-AdfsServerApplication
[-ApplicationGroup] <ApplicationGroup>
[-Name] <String>
[-Identifier] <String>
[[-RedirectUri] <String[]>]
[-Description <String>]
[-ADUserPrincipalName <String>]
[-JWTSigningCertificate <X509Certificate2[]>]
[-JWTSigningCertificateRevocationCheck <RevocationSetting>]
[-JWKSUri <Uri>]
[-LogoutUri <String>]
[-JWKSFile <String>]
[-GenerateClientSecret]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Description
The Add-AdfsServerApplication cmdlet adds a server application role to an application in Active Directory Federation Services (AD FS).
Required Parameters
Specifies an application group.
| Type: | ApplicationGroup |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | True (ByValue) |
| Accept wildcard characters: | False |
Specifies an application group ID.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName, ByValue) |
| Accept wildcard characters: | False |
Specifies an ID.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Specifies a name.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Optional Parameters
Specifies the Active Directory account that corresponds to the confidential client that is registered. The only client authentication method available for use with Active Directory accounts is Windows Integrated Authentication (WIA).
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies a description.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Indicates that this cmdlet generates a secret value for the client.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies a file that contains a JSON Web Token (JWT).
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the URI of a JWT.
| Type: | Uri |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies an array of signing certificates for JWT. This public certificate is used to validate signatures for JWTs issued by this client for authenticating itself against AD FS by using the private key JWT client authentication method.
| Type: | X509Certificate2[] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies revocation checks to perform to validate signatures for JWTs sent by confidential clients. The acceptable values for this parameter are:
- None
- CheckEndCert
- CheckEndCertCacheOnly
- CheckChain
- CheckChainCacheOnly
- CheckChainExcludeRoot
- CheckChainExcludeRootCacheOnly
| Type: | RevocationSetting |
| Parameter Sets: | None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies an array of redirection URIs for the OAuth 2.0 client to register with AD FS. The redirection URI is specified by the OAuth 2.0 client when it requests authorization to access a resource in ADFS.
The redirection URI specified by the client must already be registered with AD FS. It must correspond to the client identifier for that OAuth 2.0 client. If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, ADFS delivers the authorization code or access token by redirecting the client's user-agent back to this redirection URI.
The value of this parameter must match exactly the redirection URI that is specified by the OAuth 2.0 client when requesting authorization. This includes trailing slashes '/', if they are required. We recommended the use of more secure schemes such as https in a redirection URI.
For Windows Store applications that authenticate by using the Windows Web Authentication Broker, use the
ms-app://
scheme for a redirection URI.
If you are developing a Windows Store application, obtain the redirection URI for your application by using the following code fragment:
Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
| Type: | String[] |
| Position: | 3 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |