Remove From My Forums

Add additional claim rule in Issuance Authorization Rules

Question
0

Sign in to vote

Hello,

I try use powershell to add additional authorization claim rule for my existing relying party. Some of them already have some authorization rules.

I try the following command, but fail:
[String]$rules='@RuleTemplate = "Authorization" @RuleName = "<name>" c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "^(?i)<deny_group>$"] => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "DenyUsersWithClaim");'

Set-ADFSRelyingPartyTrust –TargetName '<relying_party>' –IssuanceAuthorizationRules @{add=$rules}

If i try with

Set-ADFSRelyingPartyTrust –TargetName '<relying_party>' –IssuanceAuthorizationRules $rules

it work, but it will cover my existing authorization rules.

Thanks.

Wednesday, January 4, 2017 3:41 AM

Answers

Hi WinneLao,

Here is how I would do it

$rule='@RuleTemplate = "Authorization" @RuleName = "<name>" c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "^(?i)<deny_group>$"] => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "DenyUsersWithClaim");'

$existingRule = get-adfsrelingpartytrust '<relying_party>' | select -expand IssuanceAuthorizationRules

$rules = "$existingRule `n$rule"

Set-ADFSRelyingPartyTrust –TargetName '<relying_party>' –IssuanceAuthorizationRules $rules

Good Luck!

Shane

Marked as answer by WinneLao Friday, January 6, 2017 1:54 AM

Wednesday, January 4, 2017 10:11 PM

All replies

Hi WinneLao,

Here is how I would do it

$rule='@RuleTemplate = "Authorization" @RuleName = "<name>" c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "^(?i)<deny_group>$"] => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "DenyUsersWithClaim");'

$existingRule = get-adfsrelingpartytrust '<relying_party>' | select -expand IssuanceAuthorizationRules

$rules = "$existingRule `n$rule"

Set-ADFSRelyingPartyTrust –TargetName '<relying_party>' –IssuanceAuthorizationRules $rules

Good Luck!

Shane

Marked as answer by WinneLao Friday, January 6, 2017 1:54 AM

Wednesday, January 4, 2017 10:11 PM

0

Sign in to vote

It works, Thank you very much :)

Friday, January 6, 2017 1:54 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Add additional claim rule in Issuance Authorization Rules

Question

Answers

All replies