Administrator Guide

NOTE: First, replace the values in bold.
For the username and password values, specify the username and password of a user who is a member of the <Prefix>-Diag-Admins group.
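# Point the tenant portal at the AD FS federation metadata and store the result in the
# PortalConfigStore database. Replace the placeholder values (AD FS FQDN, SQL instance,
# SQL username/password) before running; the SQL account must belong to the
# <Prefix>-Diag-Admins group as the note above states.
$fqdn = "<adfs.contoso.com"
$dbServer = "<Prefix>SQLIN01\SQLIN01"
$dbUser = "username"
# The password is held in plain text for the duration of the session: clear the variable
# afterwards (and avoid running under Start-Transcript), or prompt for it with
# Read-Host -AsSecureString and convert it only at the point of use.
$dbPassword = "password"

# Build the connection string with SqlConnectionStringBuilder rather than string formatting,
# so a password or server name containing ';' or a quote is quoted correctly instead of
# silently producing a malformed connection string. The keywords emitted are the same ones the
# original format string used (Data Source, Initial Catalog, User ID, Password).
$csBuilder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
$csBuilder.DataSource = $dbServer
$csBuilder.InitialCatalog = 'Microsoft.MgmtSvc.PortalConfigStore'
$csBuilder.UserID = $dbUser
$csBuilder.Password = $dbPassword
$portalConfigStoreConnectionString = $csBuilder.ConnectionString

# -DisableCertificateValidation skips TLS certificate validation of the metadata endpoint on
# $fqdn, so a tampered endpoint would be accepted; keep it only for lab/test deployments and
# drop the switch once AD FS presents a certificate that the portal server trusts.
Set-MgmtSvcRelyingPartySettings -Target Tenant `
  -MetadataEndpoint "https://$fqdn/FederationMetadata/2007-06/FederationMetadata.xml" `
  -ConnectionString $portalConfigStoreConnectionString `
  -DisableCertificateValidation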
3 Congure AD FS to trust the tenant portal.
As an AD FS administrator, run the following Windows PowerShell script on the server on which AD FS is installed. Replace the values in bold. For more information, see Configure Active Directory Federation Services for Windows Azure Pack.
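# Relying-party trust definition for the Windows Azure Pack tenant portal. The claim-rule
# strings below were wrapped across lines in the printed listing; each rule must stay on a
# single line so the claim-type URIs and regular expressions reach AD FS intact.
# Replace the placeholder values (portal URL, identity provider name) before running.
$tenantRelyingPartyName = "Management Service - Tenant Site - 2012"
$tenantPortalUrl = "https://myfqdn:port"
$tenantRelyingPartyMetadataEndpoint = "$tenantPortalUrl/FederationMetadata/2007-06/FederationMetadata.xml"
$identityProviderName = "Identity Provider Name – ex:Active Directory"

# Issuance transform rules: look up the UPN and the user's token groups (domain-qualified names)
# in Active Directory from the windowsaccountname claim, then pass both through to the portal.
# Note that the Groups rule emits every group the user belongs to, not only the portal roles.
$transformationRules = @(
  "@RuleTemplate = ""LdapClaims"" @RuleName = ""UPN - LDAP"" c:[Type == ""http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"", Issuer == ""AD AUTHORITY""] => issue(store = ""Active Directory"", types = (""http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn""), query = "";userPrincipalName;{0}"", param = c.Value);",
  "@RuleTemplate = ""LdapClaims"" @RuleName = ""Groups - LDAP"" c:[Type == ""http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"", Issuer == ""AD AUTHORITY""] => issue(store = ""Active Directory"", types = (""http://schemas.xmlsoap.org/claims/Group""), query = "";tokenGroups(domainQualifiedName);{0}"", param = c.Value);",
  "@RuleTemplate = ""PassThroughClaims"" @RuleName = ""UPN - Passthrough"" c:[Type == ""http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn""] => issue(claim = c);",
  "@RuleTemplate = ""PassThroughClaims"" @RuleName = ""Groups - Passthrough"" c:[Type == ""http://schemas.xmlsoap.org/claims/Group""] => issue(claim = c);"
)

# Issuance authorization rule: the rule has no condition, so every user the claims provider
# authenticates is permitted to receive a token for the tenant portal. Add a condition
# (for example, on a Group claim) if only a subset of users should reach the portal.
$issuanceRules = (
  "=> issue(Type = ""http://schemas.microsoft.com/authorization/claims/permit"", Value = ""true"");"
)

# Impersonation authorization rules (one string holding three rules): permit delegation only
# when the primary SID or group SID is registered as a proxy SID in _ProxyCredentialStore, or
# when a SELF AUTHORITY proxytrustid is provisioned. These are the stock AD FS proxy rules;
# leave them unchanged unless the proxy-trust model of the deployment changes.
$impersonationRules = (
  "c:[Type == ""http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"", Issuer =~""^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"" ] => issue(store=""_ProxyCredentialStore"", types=(""http://schemas.microsoft.com/authorization/claims/permit""),query=""isProxySid({0})"", param=c.Value );c:[Type == ""http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"", Issuer =~ ""^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"" ] => issue(store=""_ProxyCredentialStore"",types=(""http://schemas.microsoft.com/authorization/claims/permit""),query=""isProxySid({0})"", param=c.Value );c:[Type == ""http://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid"", Issuer =~ ""^SELF AUTHORITY$"" ] => issue(store=""_ProxyCredentialStore"",types=(""http://schemas.microsoft.com/authorization/claims/permit""),query=""isProxyTrustProvisioned({0})"", param=c.Value );"
)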
Add-AdfsRelyingPartyTrust `
-Enabled $true `
-Name "$tenantRelyingPartyName" `
-MetadataUrl "$tenantRelyingPartyMetadataEndpoint" `
-EnableJWT $true `
-AllowedClientTypes None `
-ClaimsProviderName @($identityProviderName) `
-IssuanceTransformRules ([System.String]::Concat($transformationRules)) `