X-Guardian / AdfsDsc

DSC resources for deployment and configuration of Active Directory Federation Services
MIT License

AdfsClaimsProviderTrust: New Resource Proposal #50

Open shurick81 opened 3 years ago

shurick81 commented 3 years ago

Description

A counterpart of the Add-AdfsClaimsProviderTrust/Get-AdfsClaimsProviderTrust/Remove-AdfsClaimsProviderTrust would be great to have in the module.

Adfs Cmdlets Used

Proposed properties

| Parameter | Type | Description | Allowed Values |
| --- | --- | --- | --- |
| Name | Required - String | Specifies the friendly name of the claims provider trust. | |
| Identifier | Key - String | Specifies the unique identifier for the claims provider trust. No other trust can use an identifier from this list. Uniform Resource Identifiers (URIs) are often used as unique identifiers for a claims provider trust, but any string of characters can be used. | |
| TokenSigningCertificate | String[] | Specifies an array of token-signing certificates that the claims provider uses. This should be in Base64 CER encoded format. | |
| AutoUpdateEnabled | Write - Boolean | Indicates whether changes to the federation metadata by the MetadataURL parameter apply automatically to the configuration of the trust relationship. If this parameter has a value of $True, partner claims, certificates, and endpoints are updated automatically. | |
| AllowCreate | Write - Boolean | Indicates whether the Security Assertion Markup Language (SAML) parameter AllowCreate is sent in SAML requests to the claims provider. The default value is $True. | |
| AnchorClaimType | Write - String | | |
| CustomMFAUri | Write - String | | |
| EncryptionCertificateRevocationCheck | String | Specifies the type of validation that occurs for the encryption certificate before it is used for encrypting claims. | CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None |
| Enabled | Write - Boolean | Indicates whether the claims provider trust is enabled or disabled. | |
| Notes | Write - String | Specifies notes for this claims provider trust. | |
| ProtocolProfile | Write - String | Specifies which protocol profiles the claims provider supports. The default value is WsFed-SAML. | WSFederation, WsFed-SAML, SAML |
| EncryptedNameIdRequired | Write - Boolean | Indicates whether the relying party requires that the NameID claim be encrypted. This setting applies to SAML logout requests. | |
| SamlAuthenticationRequestIndex | Write - Uint16 | Specifies the value of AssertionConsumerServiceIndex that will be placed in SAML authentication requests that are sent to the claims provider. | |
| SamlAuthenticationRequestParameters | Write - String | Specifies which parameter to use in SAML authentication requests to the claims provider. | Index, None, ProtocolBinding, Url, UrlWithProtocolBinding |
| SamlAuthenticationRequestProtocolBinding | Write - String | Specifies the value of ProtocolBinding to place in SAML authentication requests to the claims provider. | Artifact, POST, Redirect |
| SignatureAlgorithm | Write - String | Specifies the signature algorithm that the claims provider uses for signing and verification. | http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 |
| SigningCertificateRevocationCheck | Write - String | Specifies the type of certificate validation that occurs when signatures are verified on responses or assertions from the claims provider. | CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None |
| SupportsMfa | Write - Boolean | | |
| PromptLoginFederation | Write - String | | None, FallbackToProtocolSpecificParameters, ForwardPromptAndHintsOverWsFederation, Disabled |
| PromptLoginFallbackAuthenticationType | Write - String | Specifies a fallback authentication type for a prompt login request. | |
| RequiredNameIdFormat | Write - String | Specifies the format that is required for NameID claims to be included in SAML requests to the claims provider. By default, no format is required. | |
| EncryptionCertificate | Write - String | Specifies the certificate to be used for encrypting a NameID to this claims provider in SAML logout requests. Encrypting the NameID is optional. This should be in Base64 CER encoded format. | |
| OrganizationalAccountSuffix | Write - String[] | Specifies an array of organizational account suffixes an administrator can configure for the claims provider trust for a Home Realm Discovery (HRD) scenario. | |
| WSFedEndpoint | Write - String | Specifies the WS-Federation Passive URL for this claims provider. | |
| ClaimOffered | Write - String[] | Specifies an array of claims that are offered by this claims provider. | |
| SamlEndpoint | Write - MSFT_AdfsSamlEndpoint | Specifies an array of SAML protocol endpoints for this claims provider. | |
| SignedSamlRequestsRequired | Write - Boolean | Indicates whether the Federation Service requires signed SAML protocol requests from the relying party. If you specify a value of $True, the Federation Service rejects unsigned SAML protocol requests. | |
| AcceptanceTransformRules | Write - String | Specifies the claim acceptance transform rules for accepting claims from this claims provider. These rules determine the information that is accepted from the partner represented by the claims provider trust. | |
| MonitoringEnabled | Write - String | Indicates whether periodic monitoring of this claims provider's federation metadata is enabled. The URL of the claims provider's federation metadata is specified by the MetadataUrl parameter. | |
| MetadataUrl | Write - String | Specifies the URL at which the federation metadata for the claims provider trust is available. | |

Special considerations or limitations
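As an added illustration, not part of this issue or of the AdfsDsc module, the following shows how a configuration could use the proposed resource once it exists. The resource name and its properties are taken from the proposal table above; the `MSFT_AdfsSamlEndpoint` sub-property names (`Binding`, `Protocol`, `Uri`) are an assumption based on the module's existing relying-party trust resource; the partner hostname, certificate path and claim rule text are constructed sample values. The settings chosen are the ones a defender cares about when onboarding a partner IdP: a pinned signing certificate, RSA-SHA256 only, chain revocation checking, signed requests required, and an acceptance rule set that only passes through the claims the partner is expected to issue.

```powershell
# Hypothetical example: a DSC configuration using the *proposed* AdfsClaimsProviderTrust
# resource from this issue. The resource does not exist in AdfsDsc yet. Property names
# come from the proposal table; MSFT_AdfsSamlEndpoint property names are assumed.
Configuration PartnerClaimsProviderTrust
{
    param
    (
        # Path to the partner's token-signing certificate (.cer); constructed sample input.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $SigningCertPath
    )

    Import-DscResource -ModuleName AdfsDsc

    # The proposal expects the certificate as a Base64 CER encoded string, so load the
    # file as an X509Certificate2 and re-encode its DER bytes. Pinning the certificate
    # here (rather than trusting whatever metadata says) means a rotated or injected
    # partner key fails verification until an operator updates this configuration.
    $signingCert       = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($SigningCertPath)
    $signingCertBase64 = [System.Convert]::ToBase64String($signingCert.RawData)

    Node localhost
    {
        AdfsClaimsProviderTrust ContosoPartner
        {
            Name                              = 'Contoso Partner'                                   # constructed
            Identifier                        = 'https://sts.contoso.example/adfs/services/trust'  # constructed
            TokenSigningCertificate           = @($signingCertBase64)
            Enabled                           = $true
            ProtocolProfile                   = 'SAML'

            # Accept only RSA-SHA256 signatures; rsa-sha1 is the other value the proposal lists
            # and should not be selected for a new trust.
            SignatureAlgorithm                = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

            # Full chain + revocation check on the signing certificate before an assertion is honoured.
            SigningCertificateRevocationCheck = 'CheckChain'

            # Reject unsigned SAML protocol requests from the partner.
            SignedSamlRequestsRequired        = $true

            # Partner SSO endpoint (constructed). Sub-property names are an assumption.
            SamlEndpoint                      = @(
                MSFT_AdfsSamlEndpoint
                {
                    Binding  = 'POST'
                    Protocol = 'SAMLSingleSignOn'
                    Uri      = 'https://sts.contoso.example/adfs/ls/'
                }
            )

            # Acceptance rules are an allow-list: only UPN and e-mail are passed through,
            # so a partner cannot inject group or role claims into this federation.
            AcceptanceTransformRules          = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);

@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through email"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);
'@

            # Keep the metadata URL for reference but do not let it rewrite certificates
            # and endpoints automatically; changes to the trust go through this configuration.
            MetadataUrl                       = 'https://sts.contoso.example/FederationMetadata/2007-06/FederationMetadata.xml'  # constructed
            AutoUpdateEnabled                 = $false
        }
    }
}

# Compile and apply on the AD FS server (paths are constructed sample values):
# PartnerClaimsProviderTrust -SigningCertPath 'C:\certs\contoso-signing.cer' -OutputPath 'C:\DSC\CPT'
# Start-DscConfiguration -Path 'C:\DSC\CPT' -Wait -Verbose
#
# After applying, drift can be spotted with Test-DscConfiguration, and the live trust
# inspected with Get-AdfsClaimsProviderTrust -Name 'Contoso Partner'.
```

With `AutoUpdateEnabled = $false`, a change at the partner (new signing key, new endpoint) surfaces as a configuration drift the operator must accept, rather than being applied silently from metadata; whether that trade-off is right depends on how much the partner's metadata endpoint is trusted.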

X-Guardian commented 3 years ago

Hi @shurick81, I updated this request with a list of proposed properties. Happy to review a PR if you want to attempt this.

shurick81 commented 3 years ago

Hi, do you have some infrastructure as code for the dev environment, similar to what you use for CI? I can create a separate ticket for that and contribute to it also.