AdfsGlobalAuthenticationPolicy
Simon Heather edited this page Apr 21, 2023 · 4 revisions
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
FederationServiceName | Key | String | Specifies the DNS name of the federation service. | |
AdditionalAuthenticationProvider | Write | StringArray[] | Specifies an array of names of external authentication providers to add to the global policy. | |
AllowAdditionalAuthenticationAsPrimary | Write | Boolean | Specifying this parameter configures an external authentication provider for second stage authentication in the global policy. | |
ClientAuthenticationMethods | Write | StringArray[] | Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. | `ClientSecretPostAuthentication`, `ClientSecretBasicAuthentication`, `PrivateKeyJWTBearerAuthentication`, `WindowsIntegratedAuthentication`, `None` |
EnablePaginatedAuthenticationPages | Write | Boolean | Enable the paginated authentication sign-in experience. This is only supported on Windows Server 2019 and above. | |
DeviceAuthenticationEnabled | Write | Boolean | Specifies whether device authentication is enabled for the global policy. | |
DeviceAuthenticationMethod | Write | String | Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. | `All`, `ClientTLS`, `SignedToken` |
PrimaryExtranetAuthenticationProvider | Write | StringArray[] | Specifies an array of names of authentication providers for the primary extranet to add to the global policy. | |
PrimaryIntranetAuthenticationProvider | Write | StringArray[] | Specifies an array of names of authentication providers for the primary intranet to add to the global policy. | |
WindowsIntegratedFallbackEnabled | Write | Boolean | Specifies whether fallback to Integrated Windows Authentication is enabled on the intranet. | |

The AdfsGlobalAuthenticationPolicy DSC resource manages the global authentication policy, which includes the providers currently allowed as additional providers in the AdditionalAuthenticationProvider property.
This configuration will set the global authentication policy for the ADFS service.

```powershell
Configuration AdfsGlobalAuthenticationPolicy_Config
{
    param()

    # Make the AdfsDsc resources available to this configuration.
    Import-DscResource -ModuleName AdfsDsc

    Node localhost
    {
        AdfsGlobalAuthenticationPolicy ContosoGlobalAuthenticationPolicy
        {
            # Key property: DNS name of the federation service.
            FederationServiceName                  = 'sts.contoso.com'
            AdditionalAuthenticationProvider       = ''
            AllowAdditionalAuthenticationAsPrimary = $true
            ClientAuthenticationMethods            = 'ClientSecretPostAuthentication'
            EnablePaginatedAuthenticationPages     = $true
            DeviceAuthenticationEnabled            = $true
            DeviceAuthenticationMethod             = 'All'
            # Primary authentication providers for extranet and intranet clients.
            PrimaryExtranetAuthenticationProvider  = 'FormsAuthentication'
            PrimaryIntranetAuthenticationProvider  = 'WindowsAuthentication', 'FormsAuthentication', 'MicrosoftPassportAuthentication'
            WindowsIntegratedFallbackEnabled       = $true
        }
    }
}
```
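
The following is an added example, not code from the AdfsDsc project: a read-only check that reports where an observed global authentication policy differs from the desired values used in the configuration above, and flags desired values outside the Allowed Values column. The function name `Compare-GlobalAuthPolicy` and the sample observed object are hypothetical; on an AD FS server the observed object would come from `Get-AdfsGlobalAuthenticationPolicy`.

```powershell
# Added example; the function name and the sample "observed" object are hypothetical.
# Allowed values copied from the parameter table on this page.
$AllowedValues = @{
    ClientAuthenticationMethods = 'ClientSecretPostAuthentication', 'ClientSecretBasicAuthentication',
        'PrivateKeyJWTBearerAuthentication', 'WindowsIntegratedAuthentication', 'None'
    DeviceAuthenticationMethod  = 'All', 'ClientTLS', 'SignedToken'
}
function Compare-GlobalAuthPolicy {
    param(
        [Parameter(Mandatory)] [hashtable] $Desired,
        [Parameter(Mandatory)] [psobject]  $Observed
    )
    foreach ($name in ($Desired.Keys | Sort-Object)) {
        # Treat every value as an unordered set of strings; '' and $null mean "nothing set".
        $want = @(@($Desired[$name]) | Where-Object { "$_" -ne '' } | ForEach-Object { "$_" } | Sort-Object)
        $have = @(@($Observed.$name) | Where-Object { "$_" -ne '' } | ForEach-Object { "$_" } | Sort-Object)
        # Report desired values that are outside the documented allowed values.
        if ($AllowedValues.ContainsKey($name)) {
            foreach ($bad in ($want | Where-Object { $_ -notin $AllowedValues[$name] })) {
                [pscustomobject]@{ Property = $name; Issue = 'InvalidValue'; Desired = $bad; Observed = '' }
            }
        }
        if (($want -join ',') -ne ($have -join ',')) {
            [pscustomobject]@{ Property = $name; Issue = 'Drift'
                Desired = $want -join ','; Observed = $have -join ',' }
        }
    }
}

# Desired state: values taken from the configuration on this page.
$desired = @{
    PrimaryExtranetAuthenticationProvider = 'FormsAuthentication'
    PrimaryIntranetAuthenticationProvider = 'WindowsAuthentication', 'FormsAuthentication', 'MicrosoftPassportAuthentication'
    AdditionalAuthenticationProvider      = ''
    DeviceAuthenticationMethod            = 'All'
    WindowsIntegratedFallbackEnabled      = $true
}
# Constructed sample of an observed policy (not real output). On an AD FS server,
# use the object returned by Get-AdfsGlobalAuthenticationPolicy instead.
$observed = [pscustomobject]@{
    PrimaryExtranetAuthenticationProvider = 'FormsAuthentication', 'CertificateAuthentication'
    PrimaryIntranetAuthenticationProvider = 'FormsAuthentication', 'WindowsAuthentication', 'MicrosoftPassportAuthentication'
    AdditionalAuthenticationProvider      = @()
    DeviceAuthenticationMethod            = 'All'
    WindowsIntegratedFallbackEnabled      = $false
}
Compare-GlobalAuthPolicy -Desired $desired -Observed $observed | Format-Table -AutoSize
```

Provider lists are compared as sets, so a different ordering of the same providers is not reported as drift.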