| Parameter | Attribute - Type | Description | Allowed Values |
| --- | --- | --- | --- |
| Name | Required - String | Specifies the friendly name of the claims provider trust. | |
| Identifier | Key - String | Specifies the unique identifier for the claims provider trust. No other trust can use an identifier from this list. Uniform Resource Identifiers (URIs) are often used as unique identifiers for a claims provider trust, but any string of characters can be used. | |
| TokenSigningCertificate | String[] | Specifies an array of token-signing certificates that the claims provider uses. This should be in Base64-encoded CER format. | |
| AutoUpdateEnabled | Write - Boolean | Indicates whether changes to the federation metadata published at the MetadataUrl parameter are applied automatically to the configuration of the trust relationship. If this parameter has a value of $True, partner claims, certificates, and endpoints are updated automatically. | |
| AllowCreate | Write - Boolean | Indicates whether the Security Assertion Markup Language (SAML) parameter AllowCreate is sent in SAML requests to the claims provider. The default value is $True. | |
| AnchorClaimType | Write - String | | |
| CustomMFAUri | Write - String | | |
| EncryptionCertificateRevocationCheck | String | Specifies the type of validation that occurs for the encryption certificate before it is used for encrypting claims. | CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None |
| Enabled | Write - Boolean | Indicates whether the claims provider trust is enabled or disabled. | |
| Notes | Write - String | Specifies notes for this claims provider trust. | |
| ProtocolProfile | Write - String | Specifies which protocol profiles the claims provider supports. The default value is WsFed-SAML. | WSFederation, WsFed-SAML, SAML |
| EncryptedNameIdRequired | Write - Boolean | Indicates whether the relying party requires that the NameID claim be encrypted. This setting applies to SAML logout requests. | |
| SamlAuthenticationRequestIndex | Write - Uint16 | Specifies the value of AssertionConsumerServiceIndex that will be placed in SAML authentication requests that are sent to the claims provider. | |
| SamlAuthenticationRequestParameters | Write - String | Specifies which parameter to use in SAML authentication requests to the claims provider. | Index, None, ProtocolBinding, Url, UrlWithProtocolBinding |
| SamlAuthenticationRequestProtocolBinding | Write - String | Specifies the value of ProtocolBinding to place in SAML authentication requests to the claims provider. | Artifact, POST, Redirect |
| SignatureAlgorithm | Write - String | Specifies the signature algorithm that the claims provider uses for signing and verification. | http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 |
| SigningCertificateRevocationCheck | Write - String | Specifies the type of certificate validation that occurs when signatures are verified on responses or assertions from the claims provider. | CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None |
| SupportsMfa | Write - Boolean | | |
| PromptLoginFederation | Write - String | | None, FallbackToProtocolSpecificParameters, ForwardPromptAndHintsOverWsFederation, Disabled |
| PromptLoginFallbackAuthenticationType | Write - String | Specifies a fallback authentication type for a prompt login request. | |
| RequiredNameIdFormat | Write - String | Specifies the format that is required for NameID claims to be included in SAML requests to the claims provider. By default, no format is required. | |
| EncryptionCertificate | Write - String | Specifies the certificate to be used for encrypting a NameID to this claims provider in SAML logout requests. Encrypting the NameID is optional. This should be in Base64-encoded CER format. | |
| OrganizationalAccountSuffix | Write - String[] | Specifies an array of organizational account suffixes that an administrator can configure for the claims provider trust for a Home Realm Discovery (HRD) scenario. | |
| WSFedEndpoint | Write - String | Specifies the WS-Federation Passive URL for this claims provider. | |
| ClaimOffered | Write - String[] | Specifies an array of claims that are offered by this claims provider. | |
| SamlEndpoint | Write - MSFT_AdfsSamlEndpoint | Specifies an array of SAML protocol endpoints for this claims provider. | |
| SignedSamlRequestsRequired | Write - Boolean | Indicates whether the Federation Service requires signed SAML protocol requests from the relying party. If you specify a value of $True, the Federation Service rejects unsigned SAML protocol requests. | |
| AcceptanceTransformRules | Write - String | Specifies the claim acceptance transform rules for accepting claims from this claims provider. These rules determine the information that is accepted from the partner represented by the claims provider trust. | |
| MonitoringEnabled | Write - String | Indicates whether periodic monitoring of this claims provider's federation metadata is enabled. The URL of the claims provider's federation metadata is specified by the MetadataUrl parameter. | |
| MetadataUrl | Write - String | Specifies the URL at which the federation metadata for the claims provider trust is available. | |
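
Several of these parameters decide how much the federation service trusts the partner's signatures and metadata. The following audit function is an added example, not part of the original reference or of the resource's own code. It flags the weaker choices among the allowed values listed for SignatureAlgorithm, SigningCertificateRevocationCheck, EncryptionCertificateRevocationCheck, and the AutoUpdateEnabled/MetadataUrl pair. The function name `Test-ClaimsProviderTrustHardening` and the sample trust are hypothetical and constructed for illustration.

```powershell
# Added example. Property names follow the parameter table above;
# Test-ClaimsProviderTrustHardening is a hypothetical helper name.
function Test-ClaimsProviderTrustHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Trust
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()

        # rsa-sha1 is an allowed SignatureAlgorithm value, but SHA-1 is deprecated for signatures.
        if ($Trust.SignatureAlgorithm -like '*#rsa-sha1') {
            $findings.Add('SignatureAlgorithm is rsa-sha1; prefer rsa-sha256')
        }

        # None disables revocation validation for the partner's certificates.
        foreach ($prop in 'SigningCertificateRevocationCheck', 'EncryptionCertificateRevocationCheck') {
            if ("$($Trust.$prop)" -eq 'None') {
                $findings.Add("$prop is None; a revoked certificate would still be accepted")
            }
        }

        # With AutoUpdateEnabled, certificates and endpoints are replaced from MetadataUrl,
        # so that URL needs transport integrity.
        if ($Trust.AutoUpdateEnabled -and "$($Trust.MetadataUrl)" -notlike 'https://*') {
            $findings.Add('AutoUpdateEnabled is $True but MetadataUrl is not an https URL')
        }

        [pscustomobject]@{
            Name      = $Trust.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings.ToArray()
        }
    }
}

# Constructed sample trust (illustrative values, not from a real deployment).
$sample = [pscustomobject]@{
    Name                                 = 'Example Partner IdP'
    SignatureAlgorithm                   = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
    SigningCertificateRevocationCheck    = 'None'
    EncryptionCertificateRevocationCheck = 'CheckChainExcludeRoot'
    AutoUpdateEnabled                    = $true
    MetadataUrl                          = 'http://idp.example.test/FederationMetadata/2007-06/FederationMetadata.xml'
}
$sample | Test-ClaimsProviderTrustHardening | Format-List
```

On an AD FS server the same function can take the output of `Get-AdfsClaimsProviderTrust` from the pipeline, assuming the returned objects expose properties with the names used in the table.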