You can configure Active Directory® Federation Services (AD FS) 2.0 by using three approaches:
Using the AD FS 2.0 Management console
Using the Windows PowerShell command-line interface
Programmatically using the AD FS 2.0 application programming interface (API)
The first two approaches are intended for information technology (IT) professionals. The third approach is intended for developers who want to create custom tools to configure AD FS 2.0. This topic describes the third approach.
The AD FS 2.0 API provides command classes for each Windows PowerShell cmdlet, and it provides resource classes for the parameters and return values. The command classes extend the abstract System.Management.Automation.Cmdlet class.
For a complete list of Windows PowerShell cmdlets, see the following:
Adding Assembly References in Visual Studio
To use the AD FS 2.0 PowerShell API, you must add the following references to your project:
Microsoft.IdentityServer.PowerShell
System.Management.Automation
These instructions assume that you are running Microsoft Visual Studio 2008, configured for a C# development environment. To add the Microsoft.IdentityServer.PowerShell assembly reference:
On the Project menu, click Add Reference....
In the Add Reference dialog box, click the Browse tab, and browse to the folder where you installed AD FS 2.0. The default location is C:\Program Files\Active Directory Federation Services 2.0. Select the Microsoft.IdentityServer.PowerShell.dll, and then click OK.
The System.Management.Automation assembly is in the Global Assembly Cache (GAC), but it is not available in the Add Reference dialog box. To add a reference to this assembly:
Right-click your project, and then click Unload Project.
Right-click the unloaded project, and then click Edit <project name>.csproj.
Add the following line under the <ItemGroup> element:
    <Reference Include="System.Management.Automation" />
Save and close the project file.
Right-click the unloaded project again, and click Reload Project. You should see the System.Management.Automation assembly in the References folder in your Solution Explorer.
Example: Adding a New Relying Party Trust
The following code sample shows how to add a new relying party trust with www.contoso.com using a metadata URL. Next, it lists all configured relying party trusts. Finally, it removes the www.contoso.com relying party trust.
using System;
using System.Collections;
using System.Collections.Generic;
using Microsoft.IdentityServer.PowerShell.Commands;
using Microsoft.IdentityServer.PowerShell.Resources;

class Program
{
    static void Main()
    {
        // Add a relying party trust from its published federation metadata.
        Console.WriteLine("Adding Contoso Relying Party.");
        AddRelyingPartyTrustCommand addRP =
            new AddRelyingPartyTrustCommand();
        string url = @"https://www.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml";
        addRP.MetadataUrl = new Uri(url);
        addRP.Name = "contoso";
        IEnumerable result1 = addRP.Invoke();
        // To actually invoke the command, we need to call
        // GetEnumerator().MoveNext() on the result
        result1.GetEnumerator().MoveNext();

        // List every configured relying party trust.
        Console.WriteLine("Listing all the Relying Parties.");
        GetRelyingPartyTrustCommand getRP =
            new GetRelyingPartyTrustCommand();
        IEnumerable result2 = getRP.Invoke();
        foreach (object obj in result2)
        {
            RelyingPartyTrust rp = obj as RelyingPartyTrust;
            // Skip anything that is not a trust or has no identifier,
            // rather than failing on a null reference or an empty array.
            if (rp == null || rp.Identifier == null || rp.Identifier.Length == 0)
                continue;
            Console.WriteLine("{0}: {1}", rp.Identifier[0], rp.Name);
        }

        // Remove the trust that was added above, selected by name.
        Console.WriteLine("Removing Contoso Relying Party.");
        RemoveRelyingPartyTrustCommand removeRP =
            new RemoveRelyingPartyTrustCommand();
        removeRP.TargetName = "contoso";
        IEnumerable result3 = removeRP.Invoke();
        result3.GetEnumerator().MoveNext();
    }
}
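Because the same API that adds a trust can also enumerate them, a custom tool can check the configured relying party trusts against an approved inventory. The following is an added example, not part of the original sample: the TrustAudit class, the Review method, and the contents of the Approved set are hypothetical, and it relies on the Identifier, MetadataUrl, and AutoUpdateEnabled properties of RelyingPartyTrust.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.IdentityServer.PowerShell.Commands;
using Microsoft.IdentityServer.PowerShell.Resources;

class TrustAudit
{
    // Hypothetical approved inventory (constructed for this example):
    // the relying party identifiers the federation owner expects to exist.
    static readonly HashSet<string> Approved =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "https://www.contoso.com/"
        };

    // Returns the findings for one trust; an empty list means nothing to review.
    static List<string> Review(RelyingPartyTrust rp)
    {
        List<string> findings = new List<string>();

        // A trust is considered known if any of its identifiers is approved.
        bool known = false;
        foreach (string id in rp.Identifier ?? new string[0])
            if (Approved.Contains(id)) known = true;
        if (!known)
            findings.Add("no identifier is in the approved inventory");

        // With auto-update on, changes published at the metadata URL are
        // applied to the trust without an administrator reviewing them.
        if (rp.MetadataUrl != null && rp.AutoUpdateEnabled)
            findings.Add("auto-update enabled from " + rp.MetadataUrl);

        return findings;
    }

    static int Main()
    {
        int flagged = 0;
        foreach (object obj in new GetRelyingPartyTrustCommand().Invoke())
        {
            RelyingPartyTrust rp = obj as RelyingPartyTrust;
            if (rp == null) continue;
            foreach (string finding in Review(rp))
            {
                Console.WriteLine("{0}: {1}", rp.Name, finding);
                flagged++;
            }
        }
        // A non-zero exit code lets a scheduled job raise an alert.
        return flagged == 0 ? 0 : 1;
    }
}
```

The project needs the same two assembly references described above, and the tool must run on the federation server under an account that is allowed to read the AD FS 2.0 configuration.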
See Also
Microsoft.IdentityServer.PowerShell.Commands
Microsoft.IdentityServer.PowerShell.Resources
AD FS 2.0 Administration with Windows PowerShell
AD FS 2.0 Cmdlets in Windows PowerShell