BPuhl’s Blog

A little bit of everything without actually being much of anything

PoSH for ADFS

Posted by BPuhl on August 6, 2009

* This post applies to the Beta 2 release of ADFS and may or may not apply to the final product *

Some useful snippets from the ADFS/PowerShell world  (by no means exhaustive, just enough to get you going):

PS C:\Users\bpuhl> get-pssnapin -registered

Name        : Microsoft.IdentityServer.PowerShell
PSVersion   : 1.0
Description : This powershell snap-in contains cmdlets used to manage Microsoft Identity Server resources.

PS C:\Users\bpuhl> get-pssnapin -registered | add-pssnapin
PS C:\Users\bpuhl> get-command get-GS*

CommandType     Name                                                Definition
-----------     ----                                                ----------
Cmdlet          Get-GSAttributeStore                                Get-GSAttributeStore [[-Name] <String[]>] [-Verb…
Cmdlet          Get-GSCertificate                                   Get-GSCertificate [[-CertificateType] <String[]>…
Cmdlet          Get-GSClaimType                                     Get-GSClaimType [[-Name] <String[]>] [-Verbose] …
Cmdlet          Get-GSDelegate                                      Get-GSDelegate [[-Name] <String[]>] [-Verbose] […
Cmdlet          Get-GSEndpoint                                      Get-GSEndpoint [[-Address] <String[]>] [-Verbose…
Cmdlet          Get-GSIdentityProvider                              Get-GSIdentityProvider [[-Name] <String[]>] [-Ve…
Cmdlet          Get-GSInformationCard                               Get-GSInformationCard [[-CardName] <String[]>] […
Cmdlet          Get-GSProperties                                    Get-GSProperties [-Verbose] [-Debug] [-ErrorActi…
Cmdlet          Get-GSProxy                                         Get-GSProxy [-Verbose] [-Debug] [-ErrorAction <A…
Cmdlet          Get-GSProxyProperties                               Get-GSProxyProperties [-Verbose] [-Debug] [-Erro…
Cmdlet          Get-GSRelyingParty                                  Get-GSRelyingParty [[-Name] <String[]>] [-Verbos…

PS C:\Users\bpuhl>

But I will throw out one really useful tidbit for those of you who are playing with the proxy component of the ADFS beta release and are pulling your hair out trying to get it to talk back to your full server (this is assuming you’ve already got the proxy certificates in place):

Disable CRL checking on STS servers

set-gsproperties -proxyCertRevocationCheck "None"

Even if you have access to the CRLs and everything *should* work for you, in the Beta release you need to disable CRL checking on the proxy certificate…
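To confirm that revocation checking of the proxy certificate works outside ADFS before switching it off, here is an added example (not from the original post and not part of the ADFS product) that builds the chain with the .NET X509Chain class and reports the status of each chain element. The function name Test-CertRevocation and the thumbprint placeholder are assumptions for illustration.

```powershell
# Added example: check certificate revocation independently of ADFS.
# Uses only the .NET X509Chain class; Test-CertRevocation is a hypothetical name.
function Test-CertRevocation {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$TimeoutSeconds = 15
    )

    $ns     = 'System.Security.Cryptography.X509Certificates'
    $chain  = New-Object "$ns.X509Chain"
    $policy = $chain.ChainPolicy

    # Online allows CRL/OCSP retrieval over the network (Offline uses cached data only).
    $policy.RevocationMode      = [Enum]::Parse(("$ns.X509RevocationMode" -as [type]), 'Online')
    # Check every certificate in the chain except the root.
    $policy.RevocationFlag      = [Enum]::Parse(("$ns.X509RevocationFlag" -as [type]), 'ExcludeRoot')
    $policy.UrlRetrievalTimeout = New-TimeSpan -Seconds $TimeoutSeconds

    $chainValid = $chain.Build($Certificate)

    # Status values that point at revocation rather than at trust or expiry problems.
    $revocationFlags = 'Revoked', 'RevocationStatusUnknown', 'OfflineRevocation'

    foreach ($element in $chain.ChainElements) {
        $flags = @($element.ChainElementStatus | ForEach-Object { $_.Status.ToString() })
        $status = 'NoError'
        if ($flags.Count -gt 0) { $status = $flags -join ', ' }
        $revocationIssue = @($flags | Where-Object { $revocationFlags -contains $_ }).Count -gt 0

        New-Object PSObject -Property @{
            Subject         = $element.Certificate.Subject
            Status          = $status
            RevocationIssue = $revocationIssue
            ChainValid      = $chainValid
        }
    }
}

# Usage (the thumbprint is a placeholder, replace it with the proxy certificate's own):
#   $cert = Get-Item 'Cert:\LocalMachine\My\<PROXY-CERT-THUMBPRINT>'
#   Test-CertRevocation -Certificate $cert |
#       Format-Table Subject, Status, RevocationIssue, ChainValid -AutoSize
```

Run it on the STS server, since that is where the setting above is applied. If every element reports NoError there, the certificate's revocation data is reachable and the failure lies with the Beta release, which makes the "None" setting something to revisit on later builds.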


One Response to “PoSH for ADFS”

  1. Laura said

    “In the Beta release, you need to disable CRL checking on the proxy certificate…”

    See? Told you it’s always PKI. 🙂
