Comments (8)
Hi Greg, this Dsc resource like all the others is community owned. I took over an older module, xAdfs which was initially developed by jcwalker about 4 years ago, but hadn't been touched much since. This module was pretty much started again from scratch, with my personal requirement being able to manage the install of a 2016/2019 ADFS farm along with ADFS Application Groups for OpenId Connect enabled applications and Web APIs.
I am actively developing it at the moment, and am hoping to publish an initial version to the PowerShell Gallery as soon as I have finished the AdfsWebApiApplication resource.
Once the module is reasonably stable, I will submit it to be maintained as one of the DscCommunity modules.
What type of Relying Parties would you be hoping to manage with it? WS-fed, SAML, OAuth or a mix?
The `AdfsRelyingPartyTrust` resource currently supports relying parties with remote metadata as well as manually configured WS-Fed, but manually configured SAML is not currently implemented. This requires a SamlEndpoint object that I haven't implemented yet which will need to use a CIM EmbeddedInstance class.
I'm happy to accept PRs and issues on the module. What's your experience writing Dsc resources?
from adfsdsc.
Thanks for clarifying. I questioned because I saw Microsoft references and the resource did not have the traditional 'x' prefix. My needs would be primarily on AD FS 2016 and soon 2019 with mostly WSFed/SAML. One thing that stood out was the Authorization Issuance Rules appeared to be using ADFS 2.0 standards as 2016 introduced Access Policies.
I have some experience developing custom resources but not a fan of the older schema.mof requirements. But I can be consistent and align with the approach you have currently.
I'll give AdfsRelyingPartyTrust a spin and let you know what I think - I should be able to submit a PR to address gaps relating to SAML endpoints too.
I also feel these have more value if supported with Invoke-DscResource as requiring LCM is often a deal breaker for some.
I can confirm that both IssuanceTransformationRules & IssuanceAuthorizationRules do not work on AD FS 2016. I'll see what I can do.
The 'x' prefix is legacy and shouldn't be used with new resources. See HighQualityModuleGuidelines.
I use Invoke-DscResource for debugging the resources, so that shouldn't be a problem.
I'm surprised `IssuanceTransformationRules` and `IssuanceAuthorizationRules` don't work as they are just strings, so let me know what you find.
Yes, Access Control Policies need adding, both to the `AdfsRelyingPartyTrust` resource, and as a new resource themselves so custom policies can be created. Supporting what is available through the ADFS GUI should be reasonably easy, but fully supporting this may be very difficult. Do you use any complicated custom policies?
The other properties of the RelyingPartyTrust resource that haven't been implemented are `EncryptionCertificate` and `RequestSigningCertificate`. These need to be `X509Certificate2` objects, so these would be challenging to implement. Do you need these?
I've raised issue #2 for adding Access Control Policy support to the `AdfsRelyingPartyTrust` resource.
I've raised issue #3 for adding SAML endpoint support to the `AdfsRelyingPartyTrust` resource.
I'm closing this for now as we have had an official 1.0 release. If you have any problems with individual resources, please raise issues for them.
Related Issues (20)
- AdfsRelyingPartyTrust: Add Missing Parameters
- AdfsWebApiApplication: Add Support for Access Control Policy Parameters
- AdfsWebApiApplication: Add Support for Custom Access Control Policy Parameters
- AdfsContactPerson: Add Support for an Empty Contact
- AdfsOrganization: Add Support for an Empty Organization
- AdfsProperties: Remove Obsolete Properties
- AdfsFarmNode: Remove Ensure Parameter as Remove-AdfsFarmNode cmdlet is deprecated
- AdfsDsc: Migrate to using DscResource.Common Module
- AdfsGlobalAuthenticationPolicy: Errors with older Versions of ADFS
- ADFSFarm: Install ADFS Farm without Domain Admins privileges
- AdfsCertificate: TokenSigningCertificates Add-ADFSCertificate missing?
- AdfsClaimsProviderTrust: New Resource Proposal
- AdfsProperties: The property 'AdditionalErrorPageInfo' cannot be found on this object
- Reusing instances of MSFT_AdfsIssuanceTransformRule
- AdfsWebApiApplication fails Test for CustomClaims IssuanceTransformRules
- ADFSCertificate, ADFSFarm: Use latest cert that matches a CN
- Declaring IssuanceTransformRules with ConfigurationData
- AdfsWebApiApplication: Test-DscConfiguration Always Returns `$false` if Multiple `AllowedClientTypes` are Defined
- AdfsApplicationPermission: 'Scopenames' Test expects particular order
- ADFSFarm: Test-Targetresource fails trying to use domain name as NetBIOS name