Michael

Reputation: 7113

How can I create an ADFS relying party with an additional SAML endpoint using PowerShell?

I want to create an ADFS relying party with an additional SAML endpoint using:

$SamlEndpoint = New-AdfsSamlEndpoint `
    -Binding "POST" `
    -Protocol "SAMLSingleSignOn" `
    -Uri "https://$AdditionalUrl/plugins/servlet/samlsso/metadata$SingleLogout"

Add-AdfsRelyingPartyTrust `
    -Name "$Name" `
    -MetadataUrl "https://$AppHost.lab.example.com/plugins/servlet/samlsso/metadata$SingleLogout" `
    -SamlEndpoint $SamlEndpoint `
    -AccessControlPolicyName "Permit Everyone" `
    -MonitoringEnabled $true `
    -AutoUpdateEnabled $true `
    -IssuanceTransformRules $IssuanceRules

Without the parameter -SamlEndpoint ... the script works fine. With it, I get the error message:

Add-AdfsRelyingPartyTrust : Parameter set cannot be resolved using the specified named parameters.
At C:\Users\ssh.AD\scripts\addRelyingParty.ps1:34 char:2
+  Add-AdfsRelyingPartyTrust `
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Add-AdfsRelyingPartyTrust], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.IdentityServer.Management.Commands.AddRelyingPartyTrustCommand

How can I write that?

Upvotes: 1

Views: 2215

Answers (1)

maweeras

Reputation: 823

There are several issues here.

First, the $SamlEndpoint needs to be a "SAMLAssertionConsumer". SAMLSingleSignOn is for claims provider trusts.

Secondly, you are using metadata while adding the RP trust and are enabling monitoring and auto-update on it. So the cmdlet will attempt to download the metadata and use its values to define the RP trust properties such as endpoints. You need not provide the endpoint config, as it's published in the metadata.

But if you wanted to add an RP trust as you see fit and then let AD FS monitor and fix it via polling metadata, I suggest doing it like so.

# Relying party endpoints are SAMLAssertionConsumer; only one of them may be the default.
$SamlEndpoint = New-AdfsSamlEndpoint `
    -Binding "POST" `
    -Protocol "SAMLAssertionConsumer" `
    -Index 0 `
    -IsDefault $false `
    -Uri "https://some/post/url/endpoint"

$SamlEndpoint2 = New-AdfsSamlEndpoint `
    -Binding "Redirect" `
    -Protocol "SAMLAssertionConsumer" `
    -Uri "https://some/redirect/endpoint" `
    -Index 1 `
    -IsDefault $true

# Create the trust from explicit values (no -MetadataUrl here), with monitoring off.
Add-AdfsRelyingPartyTrust `
    -Name "$Name" `
    -Identifier "http://x/y" `
    -SamlEndpoint $SamlEndpoint, $SamlEndpoint2 `
    -AccessControlPolicyName "Permit Everyone" `
    -MonitoringEnabled $false `
    -AutoUpdateEnabled $false `
    -IssuanceTransformRulesFile C:\my\rulesfile.txt

# Then attach the metadata URL and let AD FS monitor and auto-update from it.
Get-AdfsRelyingPartyTrust -Name $Name | Set-AdfsRelyingPartyTrust `
    -MetadataUrl "https://$AppHost.lab.example.com/plugins/servlet/samlsso/metadata$SingleLogout" `
    -MonitoringEnabled $true `
    -AutoUpdateEnabled $true

Upvotes: 2
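As an added example (not part of the answer above), the two-step approach can be wrapped in a function that refuses to call the cmdlet unless exactly one assertion consumer endpoint is marked default, keeps -MetadataUrl out of the Add call so the parameter set is unambiguous, and reads the trust back so the stored endpoints can be compared with what the metadata document publishes. The function name, its parameters, the sample values, and the SamlEndpoints property name are assumptions.

```powershell
# Added example; function and parameter names are assumptions, sample values are constructed.
function New-RpTrustWithExplicitEndpoints {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Identifier,
        [Parameter(Mandatory)][string]$MetadataUrl,
        [Parameter(Mandatory)][string]$RulesFile,
        # Each entry: @{ Uri = '...'; Binding = 'POST'|'Redirect'; Index = n; IsDefault = $true|$false }
        [Parameter(Mandatory)][hashtable[]]$AssertionConsumers
    )

    # Exactly one assertion consumer endpoint may be the default; check before AD FS rejects it.
    $defaults = @($AssertionConsumers | Where-Object { $_.IsDefault })
    if ($defaults.Count -ne 1) {
        throw "Expected exactly one default endpoint, got $($defaults.Count)."
    }

    # Relying party trusts use SAMLAssertionConsumer (SAMLSingleSignOn is for claims provider trusts).
    $endpoints = foreach ($ep in $AssertionConsumers) {
        New-AdfsSamlEndpoint -Binding $ep.Binding -Protocol 'SAMLAssertionConsumer' `
            -Uri $ep.Uri -Index $ep.Index -IsDefault $ep.IsDefault
    }

    # Step 1: create from explicit values only. Adding -MetadataUrl to this call is what
    # produces the AmbiguousParameterSet error.
    Add-AdfsRelyingPartyTrust -Name $Name -Identifier $Identifier -SamlEndpoint $endpoints `
        -AccessControlPolicyName 'Permit Everyone' -MonitoringEnabled $false -AutoUpdateEnabled $false `
        -IssuanceTransformRulesFile $RulesFile

    # Step 2: attach the metadata URL and let AD FS poll and update from it.
    Get-AdfsRelyingPartyTrust -Name $Name | Set-AdfsRelyingPartyTrust `
        -MetadataUrl $MetadataUrl -MonitoringEnabled $true -AutoUpdateEnabled $true

    # Read back what AD FS stored so the endpoints can be compared with the metadata document.
    Get-AdfsRelyingPartyTrust -Name $Name |
        Select-Object Name, Identifier, MetadataUrl, MonitoringEnabled, AutoUpdateEnabled, SamlEndpoints
}

# Usage with constructed sample values:
New-RpTrustWithExplicitEndpoints -Name 'ExampleApp' -Identifier 'https://app.example.test/saml' `
    -MetadataUrl 'https://app.example.test/plugins/servlet/samlsso/metadata' `
    -RulesFile 'C:\my\rulesfile.txt' -AssertionConsumers @(
        @{ Uri = 'https://app.example.test/plugins/servlet/samlsso'; Binding = 'POST';     Index = 0; IsDefault = $true },
        @{ Uri = 'https://app.example.test/plugins/servlet/samlsso'; Binding = 'Redirect'; Index = 1; IsDefault = $false }
    )
```

To see which parameters the cmdlet treats as mutually exclusive, inspect `(Get-Command Add-AdfsRelyingPartyTrust).ParameterSets` and compare the set that contains MetadataUrl with the one that contains SamlEndpoint.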
