powershell - ADFS PowerShell:在 IssuanceTransformRules 中使用 RuleTemplate 编写 Web API (Add-AdfsWebApiApplication)
问题描述
我已经使用 ADFS MMC 定义了一个 ADFS 应用程序组。我想为部署创建一个脚本。我已经使用 New-AdfsApplicationGroup 和 Add-AdfsNativeClientApplication 成功编写了脚本。接下来,我想编写 Web API 脚本。查看 Get-AdfsWebApiApplication 的输出,我看到以下 IssuanceTransformRules。该规则被命名并引用一个模板。
@RuleTemplate = "LdapClaims"
@RuleName = "2"
c:[Type == " http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname ", Issuer == "AD AUTHORITY"]
=>问题(存储=“活动目录”,类型=(“ http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress ”,“ http://schemas.xmlsoap.org/ws /2005/05/identity/claims/name ", " http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn "), query = ";mail,sAMAccountName,userPrincipalName;{0} ", 参数 = c.Value);
我将其编写为:
Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes 6 -ApplicationGroupIdentifier "MyApp" -IssueOAuthRefreshTokensTo 2 -TokenLifetime 7 -Identifier {https://apphost/myapp/api/} -IssuanceTransformRules '@RuleTemplate = "LdapClaims", @RuleName = "2", c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,sAMAccountName,userPrincipalName;{0}", param = c.Value);'
这会导致以下错误。
解析器错误:'POLICY0030:语法错误,意外的 COMMA,期待以下之一:O_SQ_BRACKET IDENTIFIER NOT AT AT IMPLY。在 line:1 char:1 + Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo :InvalidData: (@RuleTemplate =... ram = c.Value);:String) [Add-AdfsWebApiApplication], PolicyValidationException + FullyQualifiedErrorId: POLICY0002.Microsoft.IdentityServer.Management.Commands.Add-AdfsWebApiApplicationCommand
删除@RuleTemplate 和@RuleName,以下成功执行但生成无法使用图形模板编辑的自定义规则,该图形模板提供LDAP 属性和传出声明类型的下拉列表。
Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes 6 -ApplicationGroupIdentifier "MyApp" -IssueOAuthRefreshTokensTo 2 -TokenLifetime 7 -Identifier {https://apphost/myapp/api/} -IssuanceTransformRules 'c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,sAMAccountName,userPrincipalName;{0}", param = c.Value);'
有人会建议一种在脚本中包含名称或模板的方法吗?
解决方案
如果您将转换声明数据包含在变量中,然后在 cmdlet 中引用变量会怎样?
$transformRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "2"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,sAMAccountName,userPrincipalName;{0}", param = c.Value);
"@
Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes 6 -ApplicationGroupIdentifier "MyApp" -IssueOAuthRefreshTokensTo 2 -TokenLifetime 7 -Identifier {https://apphost/myapp/api/} -IssuanceTransformRules $transformRules
推荐阅读
- javascript - 如何使用 jQuery ajax 上传 jpeg 文件?
- javascript - 我可以使用 JavaScript 获取将表单数据存储在内存中吗?
- python - Class::__del__:尝试在析构函数中使用成员对象释放资源失败
- python - 在使用字典(字谜)时比较 2 个字符串
- swift - 如何实现 Evenkit 以请求许可
- python - 自定义用户模型认证表单修改
- android - 如何在 AndroidViewModel 中初始化 MutableLiveData 的空数组?
- node.js - 节点 js 上 express-fileupload 上的 FTP
- keycloak - 如何使用 keycloak 为我的 gravitee.io api 添加安全性?
- android - 在 RealmConfiguration 构建期间获取领域旧架构版本