AdfsClaimsProviderTrust: New Resource Proposal

[shurick81]

Description

A counterpart of the Add-AdfsClaimsProviderTrust/Get-AdfsClaimsProviderTrust/Remove-AdfsClaimsProviderTrust would be great to have in the module.

Adfs Cmdlets Used

• Get-AdfsClaimsProviderTrust
• Set-AdfsClaimsProviderTrust
• Add-AdfsClaimsProviderTrust
• Remove-AdfsClaimsProviderTrust

Proposed properties

Parameter	Type	Description	Allowed Values
Name	Required - String	Specifies the friendly name of the claims provider trust.
Identifier	Key - String	Specifies the unique identifier for the claims provider trust. No other trust can use an identifier from this list. Uniform Resource Identifiers (URIs) are often used as unique identifiers for a claims provider trust, but any string of characters can be used.
TokenSigningCertificate	String[]	Specifies an array of token-signing certificates that the claims provider use. This should be in Base64 CER encoded format.
AutoUpdateEnabled	Write - Boolean	Indicates whether changes to the federation metadata by the MetadataURL parameter apply automatically to the configuration of the trust relationship. If this parameter has a value of $True, partner claims, certificates, and endpoints are updated automatically.
AllowCreate	Write - Boolean	Indicates whether the Security Assertion Markup Language (SAML) parameter AllowCreate is sent in SAML requests to the claims provider. The default value is $True.
AnchorClaimType	Write - String
CustomMFAUri	Write - String
EncryptionCertificateRevocationCheck	String	Check Specifies the type of validation that occurs for the encryption certificate before it is used for encrypting claims.	CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None
Enabled	Write - Boolean	Indicates whether the claims provider trust is enabled or disabled.
Notes	Write - String	Specifies notes for this claims provider trust.
ProtocolProfile	Write - String	Specifies which protocol profiles the claims provider supports. The default value is WsFed-SAML.	WSFederation, WsFed-SAML, SAML
EncryptedNameIdRequired	Write - Boolean	Indicates whether the relying party requires that the NameID claim be encrypted. This setting applies to SAML logout requests.
SamlAuthenticationRequestIndex	Write - Uint16	Specifies the value of AssertionConsumerServiceIndex that will be placed in SAML authentication requests that are sent to the claims provider.
SamlAuthenticationRequestParameters	Write - String	Specifies which parameter to use in SAML authentication requests to the claims provider.	Index, None, ProtocolBinding, Url, UrlWithProtocolBinding
SamlAuthenticationRequestProtocolBinding	Write - String	Specifies the value of ProtocolBinding to place in SAML authentication requests to the claims provider.	Artifact, POST, Redirect
SignatureAlgorithm	Write - String	Specifies the signature algorithm that the claims provider uses for signing and verification.	http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
SigningCertificateRevocationCheck	Write- String	Specifies the type of certificate validation that occurs when signatures are verified on responses or assertions from the claims provider.	CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None
SupportsMfa	Write - Boolean
PromptLoginFederation	Write - String		None, FallbackToProtocolSpecificParameters, ForwardPromptAndHintsOverWsFederation, Disabled
PromptLoginFallbackAuthenticationType	Write - String	Specifies a fallback authentication type for a prompt login request.
RequiredNameIdFormat	Write - String	Specifies the format that is required for NameID claims to be included in SAML requests to the claims provider. By default, no format is required.
EncryptionCertificate	Write- String	Specifies the certificate to be used for encrypting a NameID to this claims provider in SAML logout requests. Encrypting the NameID is optional. This should be in Base64 CER encoded format.
OrganizationalAccountSuffix	Write - String[]	Specifies an array of organizational account suffixes an administrator can configure for the claims provider trust for a Home Realm Discovery (HRD) scenario.
WSFedEndpoint	Write -String	Specifies the WS-Federation Passive URL for this claims provider.
ClaimOffered	Write - String[]	Specifies an array of claims that are offered by this claims provider.
SamlEndpoint	Write - MSFT_AdfsSaml Endpoint	Specifies an array of SAML protocol endpoints for this claims provider.
SignedSamlRequestsRequired	Write - Boolean	Indicates whether the Federation Service requires signed SAML protocol requests from the relying party. If you specify a value of $True, the Federation Service rejects unsigned SAML protocol requests.
AcceptanceTransformRules	Write - String	Specifies the claim acceptance transform rules for accepting claims from this claims provider. These rules determine the information that is accepted from the partner represented by the claims provider trust.
MonitoringEnabled	Write - String	Indicates whether periodic monitoring of this claims provider's federation metadata is enabled. The URL of the claims provider's federation metadata is specified by the MetadataUrl parameter.
MetadataUrl	Write - String	Specifies the URL at which the federation metadata for the claims provider trust is available.

Special considerations or limitations

[X-Guardian]

Hi @shurick81, I updated this request with a list of proposed properties. Happy to review a PR if you want to attempt this.

[shurick81]

Hi, do you have some infrastructure as code for the dev environment, similar to what you use for CI? I can create a separate ticket for that and contribute to it also.