我已经使用ADFS MMC定义的ADFS应用程序组。我想创建部署脚本。我一直在使用新AdfsApplicationGroup和附加AdfsNativeClientApplication成功脚本。接下来,我想脚本的Web API。纵观获取-AdfsWebApiApplication的输出我看到下面的IssuanceTransformRules。该规则被命名和引用的模板。
@RuleTemplate = “LdapClaims”
@RuleName = “2”
C:[类型== “http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname”,发行人== “AD AUTHORITY”]
=>问题(存储= “活动目录”,类型=( “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress”, “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name”, “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn”),查询= “;邮件,sAMAccountName赋,的UserPrincipalName; {0}”,PARAM = c.Value);
我这个脚本为:
Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes 6 -ApplicationGroupIdentifier "MyApp" -IssueOAuthRefreshTokensTo 2 -TokenLifetime 7 -Identifier {https://apphost/myapp/api/} -IssuanceTransformRules '@RuleTemplate = "LdapClaims", @RuleName = "2", c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,sAMAccountName,userPrincipalName;{0}", param = c.Value);'
这将导致以下错误。
分析器错误:“POLICY0030:语法错误,意想不到的逗号,需要下列之一:O_SQ_BRACKET标识符NOT AT意味着”在行:1字符:1 +附加AdfsWebApiApplication -Name “我的Web API” -AllowedClientTypes ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo:InvalidData:(@RuleTemplate = ... RAM = c.Value);:字串)[添加-AdfsWebApiApplication],PolicyValidationException + FullyQualifiedErrorId:POLICY0002.Microsoft.IdentityServer.Management.Commands.Add-AdfsWebApiApplicationCommand
同时除去@RuleTemplate和@RuleName,以下执行成功,但产生不能使用图形模板提供下拉列表为LDAP属性和传出声明类型进行编辑自定义规则。
Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes 6 -ApplicationGroupIdentifier "MyApp" -IssueOAuthRefreshTokensTo 2 -TokenLifetime 7 -Identifier {https://apphost/myapp/api/} -IssuanceTransformRules 'c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,sAMAccountName,userPrincipalName;{0}", param = c.Value);'
可能有人提出一个办法,包括脚本的名称或模板?
如果你有你的要求变换中的数据变量,然后在你的cmdlet的参考变量?
$transformRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "2"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,sAMAccountName,userPrincipalName;{0}", param = c.Value);
"@
Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes 6 -ApplicationGroupIdentifier "MyApp" -IssueOAuthRefreshTokensTo 2 -TokenLifetime 7 -Identifier {https://apphost/myapp/api/} -IssuanceTransformRules $transformRules