Add-AdfsClient
Registers an OAuth 2.0 client with AD FS.
Syntax
Default (Default)
Add-AdfsClient
[-ClientId] <String>
[-Name] <String>
[[-RedirectUri] <String[]>]
[-Description <String>]
[-ClientType <ClientType>]
[-ADUserPrincipalName <String>]
[-JWTSigningCertificate <X509Certificate2[]>]
[-JWTSigningCertificateRevocationCheck <RevocationSetting>]
[-JWKSUri <Uri>]
[-JWKSFile <String>]
[-LogoutUri <String>]
[-GenerateClientSecret]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Add-AdfsClient cmdlet registers an OAuth client with Active Directory Federation Services (AD FS). In order to allow access from OAuth clients to resources secured by AD FS, you need to register the OAuth client with AD FS by using this cmdlet.
When you register an OAuth 2.0 client with AD FS, you must specify a client identifier and a redirection URI, as well as a friendly name and description, for the OAuth client. When an OAuth client requests access to a resource using the OAuth 2.0 protocol, the client must specify a client identifier and redirection URI to AD FS, in accordance with RFC 6749. AD FS will not allow access to a resource to clients that specify a client identifier or redirection URI that are not registered with AD FS.
Examples
Example 1: Add a client
PS C:\> Add-AdfsClient -Name "Payroll Application" -ClientId "ab762716-544d-4aeb-a526-687b73838a33" -RedirectUri "ms-app://s-1-15-2-2205112887-4282980309-3272664163-2407253042-283898840-27493891-3661245662/" -Description "OAuth 2.0 client for our Payroll application"
This command registers an OAuth 2.0 client with AD FS by using a client identifier, redirection URI, name, and description.
Example 2: Add a client with multiple redirection URIs
PS C:\> Add-AdfsClient -Name "Payroll Application" -ClientId "ab762716-544d-4aeb-a526-687b73838a33" -RedirectUri @("ms-app://s-1-15-2-2205112887-4282980309-3272664163-2407253042-283898840-27493891-3661245662/", "https://Contosopayrollapplication/oauthclient/") -Description "OAuth 2.0 client for our Payroll application"
This command registers an OAuth 2.0 client with a client identifier, two redirection URIs, a name and description with AD FS. The command uses two different redirections URIs to denote multiple forms of the application that may use different redirection URIs,
Parameters
-ADUserPrincipalName
Specifies an Active Directory user principal name.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ClientId
Specifies the cliend ID.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-ClientType
Specifies the client type. The acceptable values for this parameter are:
- Public
- Confidential
Parameter properties
| Type: | ClientType |
| Default value: | None |
| Accepted values: | Public, Confidential |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Description
Specifies a description.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-GenerateClientSecret
Indicates whether to generate a client secret.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-JWKSFile
The Add-AdfsClient cmdlet registers an OAuth client with Active Directory Federation Services (AD FS). In order to allow access from OAuth clients to resources secured by AD FS, you need to register the OAuth client with AD FS by using this cmdlet.
When you register an OAuth 2.0 client with AD FS, you must specify a client identifier and a redirection URI, as well as a friendly name and description, for the OAuth client. When an OAuth client requests access to a resource using the OAuth 2.0 protocol, the client must specify a client identifier and redirection URI to AD FS, in accordance with RFC 6749. AD FS will not allow access to a resource to clients that specify a client identifier or redirection URI that are not registered with AD FS.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-JWKSUri
The Add-AdfsClient cmdlet registers an OAuth client with Active Directory Federation Services (AD FS). In order to allow access from OAuth clients to resources secured by AD FS, you need to register the OAuth client with AD FS by using this cmdlet.
When you register an OAuth 2.0 client with AD FS, you must specify a client identifier and a redirection URI, as well as a friendly name and description, for the OAuth client. When an OAuth client requests access to a resource using the OAuth 2.0 protocol, the client must specify a client identifier and redirection URI to AD FS, in accordance with RFC 6749. AD FS will not allow access to a resource to clients that specify a client identifier or redirection URI that are not registered with AD FS.
Parameter properties
| Type: | Uri |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-JWTSigningCertificate
The Add-AdfsClient cmdlet registers an OAuth client with Active Directory Federation Services (AD FS). In order to allow access from OAuth clients to resources secured by AD FS, you need to register the OAuth client with AD FS by using this cmdlet.
When you register an OAuth 2.0 client with AD FS, you must specify a client identifier and a redirection URI, as well as a friendly name and description, for the OAuth client. When an OAuth client requests access to a resource using the OAuth 2.0 protocol, the client must specify a client identifier and redirection URI to AD FS, in accordance with RFC 6749. AD FS will not allow access to a resource to clients that specify a client identifier or redirection URI that are not registered with AD FS.
Parameter properties
| Type: | X509Certificate2[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-JWTSigningCertificateRevocationCheck
The acceptable values for this parameter are:
- None
- CheckEndCert
- CheckEndCertCacheOnly
- CheckChain
- CheckChainCacheOnly
- CheckChainExcludeRoot
- CheckChainExcludeRootCacheOnly
Parameter properties
| Type: | RevocationSetting |
| Default value: | None |
| Accepted values: | None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, CheckChainExcludeRootCacheOnly |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-LogoutUri
Specifies the logout URI for the OAuth 2.0 client to register with the AD FS. When AD FS initiates a logout it redirects the client's user-agent to this URI by rendering this URI in an iframe. The value of this parameter must be an absolute URI, may include a query component, and must not include a fragment component. This parameter is available with the Windows Update KB4038801 installed.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Name
Specifies a name.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 1 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RedirectUri
Specifies one or more redirection URIs. The cmdlet modifies the OAuth 2.0 client registration information with the redirection URIs that you specify.
The OAuth 2.0 client uses the redirection URI when the client requests authorization to access a resource secured by AD FS. You may register multiple redirection URIs for a single client identifier. The redirection URI must be a valid URI.
The redirection URI specified by the client must already be registered with AD FS and must correspond to the client identifier for that OAuth 2.0 client, in order for the client to be authorized to access the resource. If the client ID and redirection URI correspond to a pre-registered OAuth 2.0 client and the resource owner authorized access by providing their credentials, AD FS will deliver the authorization code or access token by redirecting the client's user-agent back to this redirection URI.
Ensure that the value of the RedirectUri parameter matches exactly the redirection URI that will be specified by the OAuth 2.0 client when requesting authorization, including trailing slashes (/), if required. Use more secure schemes, such as https, when you specify a redirection URI.
For Windows Store applications that authenticate using the Windows Web Authentication Broker, use the 'ms-app://' scheme when registering a redirect URI. For example, ms-app://s-1-15-2-1101140336-4090662585-1905587327-262951538-2732256205-1306401843-4235927180/ is a redirect URI for a Windows Store application. If you are developing a Windows Store application, you can obtain the redirect URI for your application using the following code fragment:
Uri redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 2 |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
String
String objects are received by the ClientId, Description, Name, and RedirectUri parameters.
Outputs
AdfsClient
Returns the new AdfsClient object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.