New-SPTrustedIdentityTokenIssuer
Creates an identity provider in the farm.
Syntax
New-SPTrustedIdentityTokenIssuer
-ClaimsMappings <SPClaimMappingPipeBind[]>
-Description <String>
-IdentifierClaim <String>
-Name <String>
-Realm <String>
-SignInUrl <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-ClaimProvider <SPClaimProviderPipeBind>]
[-ImportTrustCertificate <X509Certificate2>]
[-UseWReply]
[-Confirm]
[-RegisteredIssuerName <String>]
[-SignOutUrl <String>]
[-WhatIf]
[<CommonParameters>]
New-SPTrustedIdentityTokenIssuer
-ClaimsMappings <SPClaimMappingPipeBind[]>
-Description <String>
-IdentifierClaim <String>
-Name <String>
-Realm <String>
-SignInUrl <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-ClaimProvider <SPClaimProviderPipeBind>]
-MetadataEndPoint <Uri>
[-UseWReply]
[-Confirm]
[-SignOutUrl <String>]
[-WhatIf]
[<CommonParameters>]
New-SPTrustedIdentityTokenIssuer
-Description <String>
-Name <String>
-Realm <String>
-SignInUrl <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-ImportTrustCertificate <X509Certificate2>]
[-UseWReply]
[-Confirm]
[-IdentifierClaimIs <String>]
[-RegisteredIssuerName <String>]
[-SignOutUrl <String>]
[-UseDefaultConfiguration]
[-WhatIf]
[<CommonParameters>]
Description
The New-SPTrustedIdentityTokenIssuer
cmdlet creates an identity provider in the farm.
This object is created and used only for setting this type of identity provider in a Web application.
The specified claim type cannot be NTLM, Classic NTLM, Negotiate, or Classic Negotiate.
For ASP.NET Membership provider or Role providers, no objects are persisted.
For security token service (STS) identity providers, this cmdlet creates and persists the identity provider object in the SPFarm object.
For permissions and the most current information about Windows PowerShell for SharePoint Products, see the online documentation at SharePoint Server Cmdlets.
Examples
----------------------- EXAMPLE---------------------------
New-SPTrustedIdentityTokenIssuer -Name "LiveIDSTS" - Description "LiveID STS" -Certificate (Get-ChildItem "cert:Certificates (LocalComputer)\Personal\Certificates -Name "LiveID Cert") -SignInUrl https://int.contoso.com/ -IdentifierClaim "http://schemas.contoso.com/2007/05/Claims/Puid"
This example creates a new identity provider in the farm named LiveIDSTS.
Parameters
-AssignmentCollection
Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the SPAssignment object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.
When the Global parameter is used, all objects are contained in the global store.
If objects are not immediately used, or disposed of by using the Stop-SPAssignment
command, an out-of-memory scenario can occur.
Type: | SPAssignmentCollection |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-ClaimProvider
Specifies the IP STS that can resolve and search claims for claims people picker.
The type must be a valid GUID, in the form 12345678-90ab-cdef-1234-567890bcdefgh; or a valid name of identity provider (for example, MyIDprovider1); or an instance of a valid SPIdentityProvider object.
Type: | SPClaimProviderPipeBind |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-ClaimsMappings
Specifies the mapping of the claims from the original token to the SharePoint token.
The type must be a valid GUID, in the form 12345678-90ab-cdef-1234-567890bcdefgh; or a valid name of a claim mapping rule (for example, Email); or an instance of a valid SPClaimMapping object.
Type: | SPClaimMappingPipeBind[] |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-Description
Specifies a description for the new identity provider.
The type must be a valid string; for example, LiveID STS.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-IdentifierClaim
Specifies which claim type from the trusted STS will be used for the new identity provider.
The type must be a valid claim type from the trusted STS; for example, http://schemas.microsoft.com/2007/05/Claims/Puid.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-IdentifierClaimIs
Specifies which of the default mapped claims should be used as the identifier claim.
Only used if the UseDefaultConfiguration parameter is set to true, otherwise use the IdentifierClaim parameter.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-ImportTrustCertificate
Specifies the X.509 certificate object from trusted authentication provider farm.
The type must be a name of a valid X.509 certificate; for example, Certificate1.
Type: | X509Certificate2 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-MetadataEndPoint
Specifies the URI for the metadata endpoint of the trusted provider.
Type: | Uri |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-Name
Specifies the name of the new identity provider.
The type must be a valid name of an identity provider; for example, LiveIDSTS.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-Realm
Specifies the realm, or resource partition, associated with this trust.
The type must be a name of a valid realm; for example, MD_REALM.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-RegisteredIssuerName
Specifies the Registered Issuer Name instead of not using the metadata endpoint.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-SignInUrl
Specifies the sign-in URLs for this trusted STS identity provider.
The type must be a valid URL, in the form https://int.live.com/.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-SignOutUrl
Specifies the sign out URI for the trusted provider. This lets SharePoint to sign the user out from the trusted provider when they sign out from SharePoint.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SSharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-UseDefaultConfiguration
Specifies if the default set of claim mappings should be used.
If UseDefaultConfiguration parameter is used, then the IdentifierClaimIs parameter must be used.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-UseWReply
Includes a WReply with the token request.
WReply is a URL at the relying party to which the requestor is redirected once sign-out processing is complete.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |