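# Registers the Microsoft "Claims X-Ray" diagnostic relying party in AD FS so the
# claims this farm issues can be inspected at adfshelp.microsoft.com.
#
# Review notes:
#   * The authorization rule below permits any authenticated principal, and the
#     transform rule issues *all* incoming claims to an endpoint outside the
#     organisation (adfshelp.microsoft.com). Treat the trust as temporary and
#     remove it once diagnosis is done:
#       Remove-AdfsRelyingPartyTrust -TargetName $TrustName
#   * Re-running the script fails on Add-* if the trust or claim description
#     already exists; that failure is now fatal (see $ErrorActionPreference).

# Abort on the first failing cmdlet. With the default 'Continue', a failed
# Add-AdfsRelyingPartyTrust would be followed by a Set-AdfsRelyingPartyTrust
# against a trust that was never created.
$ErrorActionPreference = 'Stop'

$TrustName   = "ClaimsXray"
$Identifier  = "urn:microsoft:adfs:claimsxray"
$RedirectUrl = "https://adfshelp.microsoft.com/ClaimsXray/TokenResponse"

# Issuance authorization: unconditional permit (no claim condition on the left
# side of the rule).
$AuthZRules = "=>issue(Type = `"http://schemas.microsoft.com/authorization/claims/permit`", Value = `"true`"); "

# Issuance transform: pass every incoming claim through unchanged.
# `n inside the double-quoted string is a real newline separating the
# @RuleName header from the rule body.
$IssuanceRules = "@RuleName = `"Issue all claims`"`nx:[]=>issue(claim = x); "

# SAML assertion-consumer endpoint; the same URL is also used as the WS-Fed
# endpoint below.
$SamlEndpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $RedirectUrl

Add-AdfsRelyingPartyTrust `
  -Name $TrustName `
  -Identifier $Identifier `
  -IssuanceAuthorizationRules $AuthZRules `
  -IssuanceTransformRules $IssuanceRules `
  -WSFedEndpoint $RedirectUrl `
  -SamlEndpoint $SamlEndpoint

# Register the custom claim type used by the LDAP rule below, marked as both
# accepted and offered.
Add-AdfsClaimDescription `
  -Name 'ClaimsXray Application' `
  -ShortName 'claims_xray' `
  -ClaimType 'http://schemas.microsoft.com/claims/claimsxray' `
  -Notes 'Claims for ClaimsXray Application' `
  -IsAccepted $True `
  -IsOffered $True

# LDAP rule: look up department, employeeID and title for the authenticated
# Windows account and issue each value under the single custom claim type
# declared above (the three entries in `types` map positionally onto the three
# attributes in `query`). Single-quoted here-string: PowerShell expands nothing
# inside it, so the rule text reaches AD FS exactly as written.
$CustomRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "ClaimsXray Rule"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/claims/claimsxray",
"http://schemas.microsoft.com/claims/claimsxray", "http://schemas.microsoft.com/claims/claimsxray"), query =
";department,employeeID,title;{0}", param = c.Value);
'@

# Replace the trust's transform rules with pass-through + LDAP rule. The
# pass-through string ends in "; " so the two rule sets concatenate cleanly.
Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules ($IssuanceRules + $CustomRules)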