Add-Adfs Server Application

Adds a server application role to an application in AD FS.

Syntax

Add-AdfsServerApplication
   [-ApplicationGroupIdentifier] <String>
   [-Name] <String>
   [-Identifier] <String>
   [[-RedirectUri] <String[]>]
   [-Description <String>]
   [-ADUserPrincipalName <String>]
   [-JWTSigningCertificate <X509Certificate2[]>]
   [-JWTSigningCertificateRevocationCheck <RevocationSetting>]
   [-JWKSUri <Uri>]
   [-LogoutUri <String>]
   [-JWKSFile <String>]
   [-GenerateClientSecret]
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-AdfsServerApplication
   [-ApplicationGroup] <ApplicationGroup>
   [-Name] <String>
   [-Identifier] <String>
   [[-RedirectUri] <String[]>]
   [-Description <String>]
   [-ADUserPrincipalName <String>]
   [-JWTSigningCertificate <X509Certificate2[]>]
   [-JWTSigningCertificateRevocationCheck <RevocationSetting>]
   [-JWKSUri <Uri>]
   [-LogoutUri <String>]
   [-JWKSFile <String>]
   [-GenerateClientSecret]
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Add-AdfsServerApplication cmdlet adds a server application role to an application in Active Directory Federation Services (AD FS).

Required Parameters

-ApplicationGroup

Specifies an application group.

Type: ApplicationGroup
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-ApplicationGroupIdentifier

Specifies an application group ID.

Type: String
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Identifier

Specifies an ID.

Type: String
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Name

Specifies a name.

Type: String
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

Optional Parameters

-ADUserPrincipalName

Specifies the Active Directory account that corresponds to the confidential client that is registered. The only client authentication method available for use with Active Directory accounts is Windows Integrated Authentication (WIA).

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Description

Specifies a description.

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-GenerateClientSecret

Indicates that this cmdlet generates a secret value for the client.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-JWKSFile

Specifies a file that contains a JSON Web Token (JWT).

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-JWKSUri

Specifies the URI of a JWT.

Type: Uri
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-JWTSigningCertificate

Specifies an array of signing certificates for JWT. This public certificate is used to validate signatures for JWTs issued by this client for authenticating itself against AD FS by using the private key JWT client authentication method.

Type: X509Certificate2[]
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-JWTSigningCertificateRevocationCheck

Specifies revocation checks to perform to validate signatures for JWTs sent by confidential clients. The acceptable values for this parameter are:

  • None
  • CheckEndCert
  • CheckEndCertCacheOnly
  • CheckChain
  • CheckChainCacheOnly
  • CheckChainExcludeRoot
  • CheckChainExcludeRootCacheOnly
Type: RevocationSetting
Parameter Sets: None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-LogoutUri

Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-RedirectUri

Specifies an array of redirection URIs for the OAuth 2.0 client to register with AD FS. The redirection URI is specified by the OAuth 2.0 client when it requests authorization to access a resource in ADFS.

The redirection URI specified by the client must already be registered with AD FS. It must correspond to the client identifier for that OAuth 2.0 client. If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, ADFS delivers the authorization code or access token by redirecting the client's user-agent back to this redirection URI.

The value of this parameter must match exactly the redirection URI that is specified by the OAuth 2.0 client when requesting authorization. This includes trailing slashes '/', if they are required. We recommended the use of more secure schemes such as https in a redirection URI.

For Windows Store applications that authenticate by using the Windows Web Authentication Broker, use the ms-app:// scheme for a redirection URI. If you are developing a Windows Store application, obtain the redirection URI for your application by using the following code fragment:

Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();

Type: String[]
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False