In an ADFS Application Group, add Client Application/Permitted Scope to Web API with PowerShell

  • Question

  • Hi all,

    We're using ADFS in Windows Server 2016 with latest updates from October 2017, and are working on automating some tasks.

    We're adding Application Groups, Server Applications, Native Applications and Web APIs with PowerShell, using the PS commands:
    New-AdfsApplicationGroup
    Add-AdfsServerApplication
    Add-AdfsNativeClientApplication
    Add-AdfsWebApiApplication

    There is one thing I can't figure out. How do you add the Server Application or Native application to the Web API and give the application the permissions?
    (In the GUI you right-click the Application Group - Edit the Web API - Click the Client Permission tab - Under Client Application click Add - Choose the Server/Native Application - Under Permitted Scopes, mark the Scope Names that shall be permitted).

    Thank you,
    Andreas



    Friday, October 20, 2017 6:15 PM

Answers

  • Hi, I think you can use:

    Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientAppIdGuid -ServerRoleIdentifier $relyingPartyIdentifier -ScopeNames $theScopesYouWantAssignedTo

    Hope it's what you're looking for!

    Monday, October 23, 2017 12:45 PM
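
The grant from the answer above, placed in a full provisioning run and followed by a read-back check that the client holds exactly the requested scopes. This is an added example, not code from the thread. Assumptions: the group name, identifiers and URLs are constructed sample values, the built-in 'Permit everyone' access control policy is used, and the objects returned by Get-AdfsApplicationPermission are assumed to expose ClientRoleIdentifier, ServerRoleIdentifier and ScopeNames properties matching the grant parameters.

```powershell
Import-Module ADFS

# Constructed sample values (assumptions, not from the thread).
$groupId     = 'ExampleAppGroup'
$clientId    = [guid]::NewGuid().ToString()        # client identifier of the native app
$apiId       = 'https://api.example.test/orders'   # Web API (relying party) identifier
$redirectUri = 'https://app.example.test/callback'
$scopes      = @('openid')                         # grant only what the client needs

# Create the group, the client and the Web API with the cmdlets the question lists.
New-AdfsApplicationGroup -Name $groupId -ApplicationGroupIdentifier $groupId
Add-AdfsNativeClientApplication -ApplicationGroupIdentifier $groupId `
    -Name "$groupId - Native app" -Identifier $clientId -RedirectUri $redirectUri
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupId `
    -Name "$groupId - Web API" -Identifier $apiId `
    -AccessControlPolicyName 'Permit everyone'

# Helper (hypothetical name): find the permission entry for one client/API pair.
function Get-ClientGrant {
    param([string]$Client, [string]$Api)
    Get-AdfsApplicationPermission | Where-Object {
        $_.ClientRoleIdentifier -eq $Client -and $_.ServerRoleIdentifier -eq $Api
    }
}

# Grant only if no entry exists yet, so the script can be re-run safely.
if (-not (Get-ClientGrant -Client $clientId -Api $apiId)) {
    Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
        -ServerRoleIdentifier $apiId -ScopeNames $scopes
}

# Read the grant back and compare it with the requested scope set.
$grant = Get-ClientGrant -Client $clientId -Api $apiId
if (-not $grant) { throw "No permission entry found for $clientId on $apiId" }

$drift = Compare-Object -ReferenceObject $scopes -DifferenceObject @($grant.ScopeNames)
if ($drift) {
    Write-Warning "Granted scopes differ from the requested set:"
    $drift | Format-Table InputObject, SideIndicator
} else {
    Write-Output "Grant matches requested scopes: $($scopes -join ', ')"
}
```

A SideIndicator of `=>` in the warning output marks a scope the client holds but the script did not request, which is the case to review when an existing grant was created by hand in the GUI.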

All replies

  • That worked!
    So I think this part you actually do the same way as in 2012R2. 

    Thank you for your help! 


    Wednesday, October 25, 2017 7:32 PM