AdfsGlobalAuthenticationPolicy - X-Guardian/AdfsDsc GitHub Wiki

AdfsGlobalAuthenticationPolicy

Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| FederationServiceName | Key | String | Specifies the DNS name of the federation service. | |
| AdditionalAuthenticationProvider | Write | StringArray[] | Specifies an array of names of external authentication providers to add to the global policy. | |
| AllowAdditionalAuthenticationAsPrimary | Write | Boolean | Specifying this parameter configures an external authentication provider for second stage authentication in the global policy. | |
| ClientAuthenticationMethods | Write | StringArray[] | Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. | ClientSecretPostAuthentication, ClientSecretBasicAuthentication, PrivateKeyJWTBearerAuthentication, WindowsIntegratedAuthentication, None |
| EnablePaginatedAuthenticationPages | Write | Boolean | Enable the paginated authentication sign-in experience. This is only supported on Windows Server 2019 and above. | |
| DeviceAuthenticationEnabled | Write | Boolean | Specifies whether device authentication is enabled for the global policy. | |
| DeviceAuthenticationMethod | Write | String | Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. | All, ClientTLS, SignedToken |
| PrimaryExtranetAuthenticationProvider | Write | StringArray[] | Specifies an array of names of authentication providers for the primary extranet to add to the global policy. | |
| PrimaryIntranetAuthenticationProvider | Write | StringArray[] | Specifies an array of names of authentication providers for the primary intranet to add to the global policy. | |
| WindowsIntegratedFallbackEnabled | Write | Boolean | Specifies whether fallback to Integrated Windows Authentication is enabled on the intranet. | |

Description

The AdfsGlobalAuthenticationPolicy DSC resource manages the global authentication policy, which includes the providers currently allowed as additional providers in the AdditionalAuthenticationProvider property.

Examples

Example 1

This configuration will set the global authentication policy for the ADFS service.

Configuration AdfsGlobalAuthenticationPolicy_Config
{
    param()

    Import-DscResource -ModuleName AdfsDsc

    Node localhost
    {
        AdfsGlobalAuthenticationPolicy ContosoGlobalAuthenticationPolicy
        {
            FederationServiceName                  = 'sts.contoso.com'
            AdditionalAuthenticationProvider       = ''
            AllowAdditionalAuthenticationAsPrimary = $true
            ClientAuthenticationMethods            = 'ClientSecretPostAuthentication'
            EnablePaginatedAuthenticationPages     = $true
            DeviceAuthenticationEnabled            = $true
            DeviceAuthenticationMethod             = 'All'
            PrimaryExtranetAuthenticationProvider  = 'FormsAuthentication'
            PrimaryIntranetAuthenticationProvider  = 'WindowsAuthentication', 'FormsAuthentication', 'MicrosoftPassportAuthentication'
            WindowsIntegratedFallbackEnabled       = $true
        }
    }
}
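
A drift check to pair with Example 1, added here as an illustration and not part of AdfsDsc: it compares a policy object against the values the configuration declares and returns one row per property that differs. `Compare-AdfsAuthPolicy` is a hypothetical helper name, and the script assumes the object returned by `Get-AdfsGlobalAuthenticationPolicy` exposes properties named like the resource parameters; the `$live` object is constructed sample data so the script runs without an AD FS server.

```powershell
# Added example, not AdfsDsc code. Compare-AdfsAuthPolicy is a hypothetical helper.
function Compare-AdfsAuthPolicy
{
    param ([Parameter(Mandatory = $true)] $Policy, [Parameter(Mandatory = $true)] [hashtable] $Expected)

    foreach ($name in ($Expected.Keys | Sort-Object))
    {
        # Normalise scalars, arrays and empty values to sorted string lists so provider order is ignored.
        $want = @($Expected[$name] | Where-Object { "$_" -ne '' } | ForEach-Object { "$_" } | Sort-Object)
        $have = @($Policy.$name | Where-Object { "$_" -ne '' } | ForEach-Object { "$_" } | Sort-Object)

        if (($want -join ',') -ne ($have -join ','))
        {
            [PSCustomObject]@{ Property = $name; Expected = $want -join ', '; Actual = $have -join ', ' }
        }
    }
}

# Baseline: the values declared in Example 1 (FederationServiceName is the resource key, not a policy value).
$expected = @{
    AdditionalAuthenticationProvider       = ''
    AllowAdditionalAuthenticationAsPrimary = $true
    ClientAuthenticationMethods            = 'ClientSecretPostAuthentication'
    EnablePaginatedAuthenticationPages     = $true
    DeviceAuthenticationEnabled            = $true
    DeviceAuthenticationMethod             = 'All'
    PrimaryExtranetAuthenticationProvider  = 'FormsAuthentication'
    PrimaryIntranetAuthenticationProvider  = 'WindowsAuthentication', 'FormsAuthentication', 'MicrosoftPassportAuthentication'
    WindowsIntegratedFallbackEnabled       = $true
}

# Constructed sample standing in for live state, with two deliberate deviations.
# On an AD FS server, use instead: $live = Get-AdfsGlobalAuthenticationPolicy
$live = [PSCustomObject]$expected.Clone()
$live.DeviceAuthenticationEnabled = $false
$live.PrimaryExtranetAuthenticationProvider = 'FormsAuthentication', 'CertificateAuthentication'

# Emits one row each for DeviceAuthenticationEnabled and PrimaryExtranetAuthenticationProvider.
Compare-AdfsAuthPolicy -Policy $live -Expected $expected | Format-Table -AutoSize
```

Property values that are not plain strings on a real server (for example enum-typed settings) are compared by their string form, so confirm that form matches the baseline spelling before alerting on it.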