Created
April 21, 2020 05:51
-
-
Save thomaslazar/aaf82f53187b77f6ea7072125a6efa68 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory=$true, Position=0)] | |
| # [Parameter(Position=0)] | |
| [String]$CustomerId = "", | |
| [Parameter(Mandatory=$true, Position=1)] | |
| # [Parameter(Position=1)] | |
| [string]$HostName = "", | |
| [Parameter(Mandatory=$true, Position=2)] | |
| # [Parameter(Position=2)] | |
| [string]$CustomerGroup = "" | |
| ) | |
| [string[]]$redirectUri = "https://$HostName/mywebapp/","https://$HostName/mywebapp/silent-refresh.html","https://$($HostName):8081/swagger/oauth2-redirect.html" | |
| Write-Host "Deleting Application Group: $CustomerId" | |
| Remove-AdfsApplicationGroup $CustomerId | |
| Write-Host "Creating Application Group: $CustomerId" | |
| New-AdfsApplicationGroup $CustomerId | |
| Write-Host "Creating Native Client Application: $CustomerId - Native Application" | |
| Add-AdfsNativeClientApplication -ApplicationGroupIdentifier $CustomerId -Identifier "$CustomerId" -Name "$CustomerId - Native Application" -RedirectUri $redirectUri | |
| Write-Host "Creating Web Application: $CustomerId - Web Application" | |
| $transformRules = @" | |
| @RuleTemplate = "PassThroughClaims" | |
| @RuleName = "Role" | |
| c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"] | |
| => issue(claim = c); | |
| @RuleTemplate = "MapClaims" | |
| @RuleName = "Windows Account Name" | |
| c:[Type == | |
| "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"] | |
| => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", | |
| Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, | |
| ValueType = c.ValueType); | |
| "@ | |
| $acl = @{ | |
| ClaimsParameter_0 = @{ ClaimType = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'; Operator = 'Contains'; Value = $CustomerGroup } | |
| } | |
| Add-AdfsWebApiApplication -ApplicationGroupIdentifier $CustomerId -Identifier "$CustomerId" -Name "$CustomerId - Web Application" -IssuanceTransformRules $transformRules -AccessControlPolicyName "Permit specific claim" -AccessControlPolicyParameters $acl -TokenLifetime 15 | |
| Write-Host "Granting Application Permissions: $CustomerId" | |
| Grant-AdfsApplicationPermission -ClientRoleIdentifier $CustomerId -ServerRoleIdentifier $CustomerId -ScopeNames "openid" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment