en-US/about_nocscienceat.vmware.ADFSOAuth.Help.txt
TOPIC
    about_nocscienceat.vmware.ADFSOAuth

SHORT DESCRIPTION
    Creates an OAuth2 security context derived from the
    GenericOAuth2SecurityContext class, which is also used by the VMware
    PowerCLI New-OAuthSecurityContext cmdlet as the base class of the return
    value. New-ADFSOAuthSecurityContext internally uses the Microsoft
    Authentication Library (MSAL) embedded browser and is intended for
    environments with an MS ADFS server (2016 and later). Unlike
    New-OAuthSecurityContext, no browser window remains open during
    authentication, and New-ADFSOAuthSecurityContext does not require a free
    port for the redirect after authentication. Besides authentication using
    the embedded browser (IWA is supported), authentication can be done using
    a certificate (CurrentUser or LocalMachine store).

LONG DESCRIPTION
    Creates an OAuth2 security context derived from the
    GenericOAuth2SecurityContext class, which is also used by the VMware
    PowerCLI New-OAuthSecurityContext cmdlet as the base class of the return
    value. New-ADFSOAuthSecurityContext internally uses the Microsoft
    Authentication Library (MSAL) embedded browser and is intended for
    environments with an MS ADFS server (2016 and later). Unlike
    New-OAuthSecurityContext, no browser window remains open during
    authentication, and New-ADFSOAuthSecurityContext does not require a free
    port for the redirect after authentication. Besides authentication using
    the embedded browser (IWA is supported), authentication can be done using
    a certificate (CurrentUser or LocalMachine store).

    Parameter AuthenticationConfig: path of the configuration file that
    specifies the OAuth request.
    Syntax of the configuration file:

        {
          "OAuthRequestSettings": {
            "AdfsAuthority": "https://<adfs-fqdn>/adfs",
            "ClientId": "<Clientidentifier>",
            // omit if UseCertificate or UseCertificateLocalMachine are set to true
            "RedirectUri": "<yourdomain>.<service>://auth",
            "ResourceId": "<ResourceId>",
            // false: interactive authentication (or IWA); true: certificate based authentication
            "UseCertificate": false|true,
            // optional: specify this parameter and set it to true if the certificate
            // should be taken from the LocalMachine store (instead of CurrentUser)
            "UseCertificateLocalMachine": false|true,
            // omit in case of interactive authentication
            "CertificateThumbprint": "<CertificateThumbprint>"
          }
        }
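
    The rules stated in the configuration syntax above can be checked before
    the file is passed to New-ADFSOAuthSecurityContext. The following is an
    added example, not code from the module: Test-ADFSOAuthConfig is a
    hypothetical helper, the sample values are constructed, and it assumes
    that the certificate is in the "My" store and that RedirectUri is
    required for interactive authentication.

```powershell
# Added example: Test-ADFSOAuthConfig is a hypothetical helper, not part of the module.
function Test-ADFSOAuthConfig {
    param([Parameter(Mandatory)][string]$Json)
    $s = ($Json | ConvertFrom-Json).OAuthRequestSettings
    if ($null -eq $s) { return @('OAuthRequestSettings is missing') }
    $problems = @()
    foreach ($name in 'AdfsAuthority', 'ClientId', 'ResourceId') {
        if ([string]::IsNullOrWhiteSpace($s.$name)) { $problems += "$name is missing" }
    }
    # The authority is where the user authenticates, so insist on HTTPS and the /adfs path.
    if ($s.AdfsAuthority -and $s.AdfsAuthority -notmatch '^https://[^/]+/adfs/?$') {
        $problems += 'AdfsAuthority must have the form https://<adfs-fqdn>/adfs'
    }
    $localMachine = $s.UseCertificateLocalMachine -eq $true
    if (($s.UseCertificate -eq $true) -or $localMachine) {
        if ($s.RedirectUri) { $problems += 'RedirectUri should be omitted with certificate authentication' }
        if ($s.CertificateThumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
            $problems += 'CertificateThumbprint must be 40 hex digits'
        } else {
            # Assumption: the certificate is in the "My" (Personal) store of the chosen location.
            $store = if ($localMachine) { 'LocalMachine' } else { 'CurrentUser' }
            $cert = Get-Item "Cert:\$store\My\$($s.CertificateThumbprint)" -ErrorAction SilentlyContinue
            if (-not $cert) { $problems += "No certificate with this thumbprint in $store\My" }
            elseif (-not $cert.HasPrivateKey) { $problems += 'Certificate has no private key' }
            elseif ($cert.NotAfter -lt (Get-Date)) { $problems += 'Certificate has expired' }
        }
    } else {
        # Assumption: interactive authentication needs the RedirectUri.
        if (-not $s.RedirectUri) { $problems += 'RedirectUri is missing' }
        if ($s.CertificateThumbprint) { $problems += 'CertificateThumbprint should be omitted for interactive authentication' }
    }
    return $problems
}

# Constructed sample: certificate authentication with a leftover RedirectUri
# and a placeholder thumbprint that matches no real certificate.
$sample = @'
{ "OAuthRequestSettings": {
    "AdfsAuthority": "https://adfs.example.com/adfs",
    "ClientId": "00000000-0000-0000-0000-000000000000",
    "RedirectUri": "com.example.vcenter://auth",
    "ResourceId": "placeholder-resource-id",
    "UseCertificate": true,
    "CertificateThumbprint": "0000000000000000000000000000000000000000"
} }
'@
Test-ADFSOAuthConfig -Json $sample
```

    The Cert: drive is available only on Windows, which is where the
    CurrentUser and LocalMachine stores named above exist.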