New-AADIntSAML2Token
NAME
New-AADIntSAML2Token
SYNOPSIS
Creates a SAML token
SYNTAX
New-AADIntSAML2Token [-UserName <String>] -ImmutableID <String> -Issuer <String> [-InResponseTo <String>]
[-NotBefore <DateTime>] [-NotAfter <DateTime>] -UseBuiltInCertificate [<CommonParameters>]
New-AADIntSAML2Token [-UserName <String>] -ImmutableID <String> -Issuer <String> [-InResponseTo <String>]
[-NotBefore <DateTime>] [-NotAfter <DateTime>] -Certificate <X509Certificate2> [<CommonParameters>]
New-AADIntSAML2Token [-UserName <String>] -ImmutableID <String> -Issuer <String> [-InResponseTo <String>]
[-NotBefore <DateTime>] [-NotAfter <DateTime>] -PfxFileName <String> [-PfxPassword <String>] [<CommonParameters>]
DESCRIPTION
Creates a valid SAML token for given user
PARAMETERS
-UserName <String>
User Principal Name (UPN) of the user. Not used by AAD Identity Federation so can be any email address.
Required? false
Position? named
Default value joulupukki@korvatunturi.fi
Accept pipeline input? false
Accept wildcard characters? false
-ImmutableID <String>
Immutable ID of the user. For synced users, this is the user's AD object GUID encoded in Base64.
For non-synced users this must be set manually and can be any unique string within the tenant.
The user doesn't have to be a federated user.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Issuer <String>
Issuer identification of the Identity Provider (IdP). Usually this is the FQDN of the ADFS server, but it can be any
unique string within Azure AD. Must match the federation information of a validated domain in the tenant.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-InResponseTo <String>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-NotBefore <DateTime>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-NotAfter <DateTime>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-UseBuiltInCertificate [<SwitchParameter>]
Required? true
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Certificate <X509Certificate2>
An X.509 certificate used to sign the SAML token. Must match the federation information of a validated domain in the
tenant.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-PfxFileName <String>
The full path to the .pfx file from which to load the certificate
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-PfxPassword <String>
The password of the .pfx file
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\>New-AADIntSAML2Token -ImmutableId "Ah2J42BsPUOBoUcsCYn7vA==" -Issuer "http://mysts.company.com/adfs/ls" -PfxFileName "MyCert.pfx" -PfxPassword "mypassword"
-------------------------- EXAMPLE 2 --------------------------
PS C:\>$cert=Get-AADIntCertificate -FileName "MyCert.pfx" -Password "mypassword"
PS C:\>New-AADIntSAML2Token -ImmutableId "Ah2J42BsPUOBoUcsCYn7vA==" -Issuer "http://mysts.company.com/adfs/ls" -Certificate $cert
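For synced users the ImmutableID parameter is the on-premises objectGUID in Base64, as described under PARAMETERS. As an added example that is not part of AADInternals, the following PowerShell converts between the two forms in both directions, so an investigator can map an ImmutableID seen in a token or sign-in log back to the AD account; the Get-ADUser cross-check assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example (not AADInternals code): map an ImmutableID to its AD objectGUID and back.
function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    try {
        $bytes = [Convert]::FromBase64String($ImmutableId)
    } catch [FormatException] {
        throw "ImmutableID is not Base64, so it is not a synced-user objectGUID: $ImmutableId"
    }
    # Non-synced (cloud-only) users can carry any unique string; only 16 bytes is a GUID
    if ($bytes.Length -ne 16) {
        throw "Not a synced-user ImmutableID: expected 16 GUID bytes, got $($bytes.Length)"
    }
    # Guid(byte[]) uses the same little-endian layout that objectGUID is stored in
    [Guid]::new($bytes)
}

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][Guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

# The ImmutableID from EXAMPLE 1 above, decoded to the objectGUID it refers to
$guid = ConvertFrom-ImmutableId 'Ah2J42BsPUOBoUcsCYn7vA=='
$guid.ToString()

# Round trip: re-encoding the GUID reproduces the original ImmutableID string
ConvertTo-ImmutableId $guid

# Cross-check which on-premises account that GUID belongs to (assumes RSAT ActiveDirectory module)
# Get-ADUser -Identity $guid.ToString() | Select-Object UserPrincipalName, ObjectGUID
```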
RELATED LINKS