ADFS Export/Import Relying Party Trust and ImpersonationAuthorizationRules

  • Question

  • I have two questions:

    1. What is the best method to export and then re-import a relying party configuration? I wanted to create a test version of a production relying party trust on the same ADFS and needed to ensure I didn't miss anything. Is there a PowerShell command which will do this for me?

    2. I attempted to manually recreate the original relying party trust by matching value for value but was unable to duplicate the attribute called "ImpersonationAuthorizationRules". Where is that set?

    This is what I am missing and was hoping that an export/import would solve my problem.

    ImpersonationAuthorizationRules      : c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]
                                            => issue(store = "_ProxyCredentialStore", types = ("http://schemas.microsoft.com/authorization/claims/permit"), query = "isProxySid({0})", param = c.Value);
                                          
                                           c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]
                                            => issue(store = "_ProxyCredentialStore", types = ("http://schemas.microsoft.com/authorization/claims/permit"), query = "isProxySid({0})", param = c.Value);
                                          
                                           c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid", Issuer =~ "^SELF AUTHORITY$"]
                                            => issue(store = "_ProxyCredentialStore", types = ("http://schemas.microsoft.com/authorization/claims/permit"), query = "isProxyTrustProvisioned({0})", param = c.Value);
     

    Your thoughts?  Thanks

                                   

    Friday, February 27, 2015 10:52 PM

Answers

  • Hi,

    Regarding your ADFS query, I suggest you refer to the experts in the following forum to get professional support:

    Claims based access platform (CBA), code-named Geneva Forum

    http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva

    Thank you for your understanding and support.

    Best Regards,

    Amy



    • Proposed as answer by Mr XMVP Sunday, March 1, 2015 5:46 PM
    • Marked as answer by Mahdi Tehrani Thursday, March 5, 2015 11:56 AM
    Saturday, February 28, 2015 9:20 AM