ADFS PowerShell：使用IssuanceTransformRules中的规则模板编写Web API脚本（添加ADFSWebAPI应用程序）_Powershell_Asp.net Web Api_Adfs_Adfs4.0

ADFS PowerShell：使用IssuanceTransformRules中的规则模板编写Web API脚本（添加ADFSWebAPI应用程序）

powershell asp.net-web-api

ADFS PowerShell：使用IssuanceTransformRules中的规则模板编写Web API脚本（添加ADFSWebAPI应用程序）,powershell,asp.net-web-api,adfs,adfs4.0,Powershell,Asp.net Web Api,Adfs,Adfs4.0,我已经使用ADFS MMC定义了一个ADFS应用程序组。我想为部署创建一个脚本。我已成功使用新的AdfsApplicationGroup编写脚本，并添加了ADFSNativeClient应用程序。接下来我要编写Web API的脚本。查看Get-AdfsWebApi应用程序的输出，我看到以下IssuanceTransformRules。规则已命名并引用模板 @RuleTemplate=“LdapClaims” @RuleName=“2” c:[类型]== "", 发行人==“广告授权”] =>问题

我已经使用ADFS MMC定义了一个ADFS应用程序组。我想为部署创建一个脚本。我已成功使用新的AdfsApplicationGroup编写脚本，并添加了ADFSNativeClient应用程序。接下来我要编写Web API的脚本。查看Get-AdfsWebApi应用程序的输出，我看到以下IssuanceTransformRules。规则已命名并引用模板

@RuleTemplate=“LdapClaims”

@RuleName=“2”

c:[类型]== "", 发行人==“广告授权”]

=>问题（store=“Active Directory”，类型=（“”， "", “”），查询= “mail，sAMAccountName，userPrincipalName；{0}”，param=c.Value）

我的脚本是：

Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes 6 -ApplicationGroupIdentifier "MyApp" -IssueOAuthRefreshTokensTo 2 -TokenLifetime 7 -Identifier {https://apphost/myapp/api/} -IssuanceTransformRules '@RuleTemplate = "LdapClaims", @RuleName = "2", c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,sAMAccountName,userPrincipalName;{0}", param = c.Value);'

这将导致以下错误

分析程序错误：“POLICY0030:语法错误，意外的逗号，应为以下选项之一：O_SQ_括号标识符不在表示。'AT 行：1字符：1 +添加ADFSWebAPI应用程序-名称“我的Web API”-AllowedClientTypes。。。 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +CategoryInfo:InvalidData:（@RuleTemplate=…ram=c.Value）；：字符串）[添加ADFSWebAPI应用程序]， PolicyValidationException +FullyQualifiedErrorId:POLICY0002.Microsoft.IdentityServer.Management.Commands.Add-ADFSWebAPI应用程序命令

删除@RuleTemplate和@RuleName后，以下操作将成功执行，但会生成一个无法使用图形模板编辑的自定义规则，该图形模板提供LDAP属性和传出声明类型的下拉列表

Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes 6 -ApplicationGroupIdentifier "MyApp" -IssueOAuthRefreshTokensTo 2 -TokenLifetime 7 -Identifier {https://apphost/myapp/api/} -IssuanceTransformRules 'c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,sAMAccountName,userPrincipalName;{0}", param = c.Value);'

是否有人建议在脚本中包含名称或模板？

如果在变量中包含转换声明数据，然后在cmdlet中包含引用变量，该怎么办

$transformRules = @"
@RuleTemplate = "LdapClaims"

@RuleName = "2"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]

=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,sAMAccountName,userPrincipalName;{0}", param = c.Value);
"@

Add-AdfsWebApiApplication -Name "My Web API" -AllowedClientTypes 6 -ApplicationGroupIdentifier "MyApp" -IssueOAuthRefreshTokensTo 2 -TokenLifetime 7 -Identifier {https://apphost/myapp/api/} -IssuanceTransformRules $transformRules