en-US/about_SPWebAppAuthentication.help.txt

.NAME
    SPWebAppAuthentication

# Description
    
    **Type:** Distributed
    
    This resource is responsible for configuring the authentication on a web
    application within the local SharePoint farm. The resource is able to
    configure the five available zones (if they exist) separately and each
    zone can have multiple authentication methods configured.
    
    NOTE:
    This resource cannot be used to convert a Classic web application
    to Claims mode. You have to run Convert-SPWebApplication manually for that.
    
    NOTE 2:
    Updating the configuration can take a long time, up to five minutes.
    The Set-SPWebApplication cmdlet sometimes requires several minutes to
    complete its action. This is not a SharePointDsc issue.
    
.PARAMETER WebAppUrl
    Key - string
    The URL of the web application

.PARAMETER Default
    Write - string
    Specifies the authentication for the Default zone.

.PARAMETER Intranet
    Write - string
    Specifies the authentication for the Intranet zone.

.PARAMETER Internet
    Write - string
    Specifies the authentication for the Internet zone.

.PARAMETER Extranet
    Write - string
    Specifies the authentication for the Extranet zone.

.PARAMETER Custom
    Write - string
    Specifies the authentication for the Custom zone.

.PARAMETER InstallAccount
    Write - string
    POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5


.EXAMPLE
    This example shows how to configure the authentication of a web application in the local farm with a
    different authentication method per zone. The Default zone is set to NTLM, and the Extranet zone is set to
    forms-based authentication ("FBA"), which additionally requires the names of the membership provider and
    the role provider to use.


    Configuration Example
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {

            SPWebAppAuthentication ContosoAuthentication
            {
                WebAppUrl   = "http://sharepoint.contoso.com"
                Default = @(
                    MSFT_SPWebAppAuthenticationMode {
                        AuthenticationMethod = "NTLM"
                    }
                )
                Extranet = @(
                    MSFT_SPWebAppAuthenticationMode {
                        AuthenticationMethod = "FBA"
                        MembershipProvider = "MemberPRovider"
                        RoleProvider = "RoleProvider"
                    }
                )
            }
        }
    }


.EXAMPLE
    This example shows how to configure the authentication of a web application in the local farm using a custom
    claim provider. An SPTrustedIdentityTokenIssuer named Contoso is created, then this SPTrustedIdentityTokenIssuer
    is referenced by the SPWebAppAuthentication resource as the AuthenticationProvider, and the AuthenticationMethod
    is set to "Federated".


    Configuration Example
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {


            SPTrustedIdentityTokenIssuer SampleSPTrust
            {
                Name                         = "Contoso"
                Description                  = "Contoso"
                Realm                        = "https://sharepoint.contoso.com"
                SignInUrl                    = "https://adfs.contoso.com/adfs/ls/"
                IdentifierClaim              = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                ClaimsMappings               = @(
                    MSFT_SPClaimTypeMapping{
                        Name = "Email"
                        IncomingClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                    }
                    MSFT_SPClaimTypeMapping{
                        Name = "Role"
                        IncomingClaimType = "http://schemas.xmlsoap.org/ExternalSTSGroupType"
                        LocalClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
                    }
                )
                SigningCertificateThumbPrint = "F3229E7CCA1DA812E29284B0ED75A9A019A83B08"
                ClaimProviderName            = "LDAPCP"
                ProviderSignOutUri           = "https://adfs.contoso.com/adfs/ls/"
                Ensure                       = "Present"
                PsDscRunAsCredential         = $SetupAccount
            }


            SPWebAppAuthentication ContosoAuthentication
            {
                WebAppUrl   = "http://sharepoint.contoso.com"
                Default = @(
                    MSFT_SPWebAppAuthenticationMode {
                        AuthenticationMethod = "NTLM"
                    }
                )
                Internet = @(
                    MSFT_SPWebAppAuthenticationMode {
                        AuthenticationMethod = "Federated"
                        AuthenticationProvider = "Contoso"
                    }
                )
                DependsOn = "[SPTrustedIdentityTokenIssuer]SampleSPTrust"
            }
        }
    }