Add-AdfsServerApplication
Adds a server application role to an application in AD FS.
Syntax
Add-AdfsServerApplication
[-ApplicationGroupIdentifier] <String>
[-Name] <String>
[-Identifier] <String>
[[-RedirectUri] <String[]>]
[-Description <String>]
[-ADUserPrincipalName <String>]
[-JWTSigningCertificate <X509Certificate2[]>]
[-JWTSigningCertificateRevocationCheck <RevocationSetting>]
[-JWKSUri <Uri>]
[-LogoutUri <String>]
[-JWKSFile <String>]
[-GenerateClientSecret]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Add-AdfsServerApplication
[-ApplicationGroup] <ApplicationGroup>
[-Name] <String>
[-Identifier] <String>
[[-RedirectUri] <String[]>]
[-Description <String>]
[-ADUserPrincipalName <String>]
[-JWTSigningCertificate <X509Certificate2[]>]
[-JWTSigningCertificateRevocationCheck <RevocationSetting>]
[-JWKSUri <Uri>]
[-LogoutUri <String>]
[-JWKSFile <String>]
[-GenerateClientSecret]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Add-AdfsServerApplication cmdlet adds a server application role to an application in Active Directory Federation Services (AD FS).
Parameters
-ADUserPrincipalName
Specifies the Active Directory account that corresponds to the confidential client that is registered. The only client authentication method available for use with Active Directory accounts is Windows Integrated Authentication (WIA).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ApplicationGroup
Specifies an application group.
Type: | ApplicationGroup |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ApplicationGroupIdentifier
Specifies an application group ID.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Description
Specifies a description.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-GenerateClientSecret
Indicates that this cmdlet generates a secret value for the client.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Identifier
Specifies an ID.
Type: | String |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-JWKSFile
Specifies a file that contains a JSON Web Token (JWT).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-JWKSUri
Specifies the URI of a JWT.
Type: | Uri |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-JWTSigningCertificate
Specifies an array of signing certificates for JWT. This public certificate is used to validate signatures for JWTs issued by this client for authenticating itself against AD FS by using the private key JWT client authentication method.
Type: | X509Certificate2[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-JWTSigningCertificateRevocationCheck
Specifies revocation checks to perform to validate signatures for JWTs sent by confidential clients. The acceptable values for this parameter are:
- None
- CheckEndCert
- CheckEndCertCacheOnly
- CheckChain
- CheckChainCacheOnly
- CheckChainExcludeRoot
- CheckChainExcludeRootCacheOnly
Type: | RevocationSetting |
Accepted values: | None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-LogoutUri
Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
Specifies a name.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RedirectUri
Specifies an array of redirection URIs for the OAuth 2.0 client to register with AD FS. The redirection URI is specified by the OAuth 2.0 client when it requests authorization to access a resource in ADFS.
The redirection URI specified by the client must already be registered with AD FS. It must correspond to the client identifier for that OAuth 2.0 client. If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, ADFS delivers the authorization code or access token by redirecting the client's user-agent back to this redirection URI.
The value of this parameter must match exactly the redirection URI that is specified by the OAuth 2.0 client when requesting authorization. This includes trailing slashes '/', if they are required. We recommended the use of more secure schemes such as https in a redirection URI.
For Windows Store applications that authenticate by using the Windows Web Authentication Broker, use the ms-app://
scheme for a redirection URI.
If you are developing a Windows Store application, obtain the redirection URI for your application by using the following code fragment:
Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
Type: | String[] |
Position: | 3 |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |