compdigit44
asked on
ASFS 3.0 Additional Claim Rules using PowerShell Problems
We are trying to add any additional claim rule on one of our ADFS relaying party trust using the command below, But keep getting the Powershell error Get-Content positional parameter cannot be found that accepts argument 'System.object"
set-adferelyingpartytrust -name ABC -additionalauthenticationr
set-adferelyingpartytrust -name ABC -additionalauthenticationr
ASKER
Getting the message below...
Set-AdfsRelyingPartyTrust : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Set-AdfsRelyingPartyTrust -Name TrustTest1 -AdditionalAuthenticationR
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-AdfsRelyingPartyTrust
+ FullyQualifiedErrorId : AmbiguousParameterSet,Micr
Set-AdfsRelyingPartyTrust : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Set-AdfsRelyingPartyTrust -Name TrustTest1 -AdditionalAuthenticationR
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-AdfsRelyingPartyTrust
+ FullyQualifiedErrorId : AmbiguousParameterSet,Micr
Can't test this. According to https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsrelyingpartytrust?view=win10-ps
Try -TargetName TrustTest1 instead of "-Name TrustTest1"
Try -TargetName TrustTest1 instead of "-Name TrustTest1"
ASKER
I get this message when using -TargetName..
Set-AdfsRelyingPartyTrust : POLICY0002: Could not parse policy data.
Line number: 1, Column number: 139, Error token: -. Line: 'c:[Type ==
"http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value ==
"S-1-5-21-489560845-177179
"http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"] -and [Type ==
"http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "true"] => issue(Type =
"http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value =
"http://schemas.microsoft.com/claims/multipleauthn")'.
Parser error: 'POLICY0029: Unexpected input.'
At line:1 char:1
+ Set-AdfsRelyingPartyTrust -TargetName "ServiceNowDev" -AdditionalAuthenticationR
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Microsoft.Ident...lyingPa
yTrust], PolicyValidationException
+ FullyQualifiedErrorId : POLICY0002,Microsoft.Ident
Set-AdfsRelyingPartyTrust : POLICY0002: Could not parse policy data.
Line number: 1, Column number: 139, Error token: -. Line: 'c:[Type ==
"http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value ==
"S-1-5-21-489560845-177179
"http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"] -and [Type ==
"http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "true"] => issue(Type =
"http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value =
"http://schemas.microsoft.com/claims/multipleauthn")'.
Parser error: 'POLICY0029: Unexpected input.'
At line:1 char:1
+ Set-AdfsRelyingPartyTrust -TargetName "ServiceNowDev" -AdditionalAuthenticationR
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Microsoft.Ident...lyingPa
yTrust], PolicyValidationException
+ FullyQualifiedErrorId : POLICY0002,Microsoft.Ident
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We found when we simple select the group on the MFA tab for the relaying party and check both internal and external. It prompts for MFA but does it for everyone. If we remove the internal and external access check boxes, but leave the group, it does not prompt at all.
ASKER
I found by error, it was a typo
Open in new window