en-US/about_SPWebAppAuthentication.help.txt
|
.NAME
SPWebAppAuthentication # Description **Type:** Distributed This resource is responsible for configuring the authentication on a web application within the local SharePoint farm. The resource is able to configure the five available zones (if they exist) separately and each zone can have multiple authentication methods configured. NOTE: This resource cannot be used to convert a Classic web application to Claims mode. You have to run Convert-SPWebApplication manually for that. NOTE 2: Updating the configuration can take a long time, up to five minutes. The Set-SPWebApplication cmdlet sometimes requires several minutes to complete its action. This is not a SharePointDsc issue. .PARAMETER WebAppUrl Key - string The URL of the web application .PARAMETER Default Write - string Specifies the authentication for the Default zone. .PARAMETER Intranet Write - string Specifies the authentication for the Intranet zone. .PARAMETER Internet Write - string Specifies the authentication for the Internet zone. .PARAMETER Extranet Write - string Specifies the authentication for the Extranet zone. .PARAMETER Custom Write - string Specifies the authentication for the Custom zone. .PARAMETER InstallAccount Write - string POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5 .EXAMPLE This example shows how to configure the authentication of a web application in the local farm using a custom claim provider. A SPTrustedIdentityTokenIssuer is created named Contoso, then this SPTrustedIdentityTokenIssuer is referenced by the SPWebAppAuthentication as the AuthenticationProvider and the AuthenticationMethod is set to "Federated" value. Configuration Example { param( [Parameter(Mandatory = $true)] [PSCredential] $SetupAccount ) Import-DscResource -ModuleName SharePointDsc node localhost { SPWebAppAuthentication ContosoAuthentication { WebAppUrl = "http://sharepoint.contoso.com" Default = @( MSFT_SPWebAppAuthenticationMode { AuthenticationMethod = "NTLM" } ) Extranet = @( MSFT_SPWebAppAuthenticationMode { AuthenticationMethod = "FBA" MembershipProvider = "MemberPRovider" RoleProvider = "RoleProvider" } ) } } } .EXAMPLE This example shows how to configure the authentication of a web application in the local farm using a custom claim provider. A SPTrustedIdentityTokenIssuer is created named Contoso, then this SPTrustedIdentityTokenIssuer is referenced by the SPWebAppAuthentication as the AuthenticationProvider and the AuthenticationMethod is set to "Federated" value. Configuration Example { param( [Parameter(Mandatory = $true)] [PSCredential] $SetupAccount ) Import-DscResource -ModuleName SharePointDsc node localhost { SPTrustedIdentityTokenIssuer SampleSPTrust { Name = "Contoso" Description = "Contoso" Realm = "https://sharepoint.contoso.com" SignInUrl = "https://adfs.contoso.com/adfs/ls/" IdentifierClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ClaimsMappings = @( MSFT_SPClaimTypeMapping{ Name = "Email" IncomingClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" } MSFT_SPClaimTypeMapping{ Name = "Role" IncomingClaimType = "http://schemas.xmlsoap.org/ExternalSTSGroupType" LocalClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" } ) SigningCertificateThumbPrint = "F3229E7CCA1DA812E29284B0ED75A9A019A83B08" ClaimProviderName = "LDAPCP" ProviderSignOutUri = "https://adfs.contoso.com/adfs/ls/" Ensure = "Present" PsDscRunAsCredential = $SetupAccount } SPWebAppAuthentication ContosoAuthentication { WebAppUrl = "http://sharepoint.contoso.com" Default = @( MSFT_SPWebAppAuthenticationMode { AuthenticationMethod = "NTLM" } ) Internet = @( MSFT_SPWebAppAuthenticationMode { AuthenticationMethod = "Federated" AuthenticationProvider = "Contoso" } ) DependsOn = "[SPTrustedIdentityTokenIssuer]SampleSPTrust" } } } |