Creating an ADFS2.0 TrustedIdentityTokenIssuer using PowerShell in SharePoint 2013
by Sathish Nadarajan 1 Oct 2013
SharePoint MVP

In this article, let us see how to create an AD FS 2.0 trusted identity token issuer (SPTrustedIdentityTokenIssuer) using PowerShell in SharePoint 2013.

In many scenarios we need claims-based authentication for a web application, with an external identity provider (IP-STS) such as AD FS 2.0 issuing the SAML tokens that SharePoint consumes. The installation and configuration of AD FS itself has already been covered in earlier articles, so this article, as part of the PowerShell series, focuses only on the SharePoint-side PowerShell.

The steps are as follows.

a. Add the AD FS token-signing certificate to SharePoint's trusted root authorities.

b. Create the claims mappings.

c. Create a variable for the realm.

d. Create a variable for the sign-in URL.

e. Create the SPTrustedIdentityTokenIssuer with New-SPTrustedIdentityTokenIssuer.

And the script is as follows.


Add-PSSnapin "Microsoft.SharePoint.PowerShell"

# Add the AD FS token-signing certificate (public key only, exported as .cer) to SharePoint's trusted root authorities
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\Certs\ADFSCert.cer")
New-SPTrustedRootAuthority -Name "Token Signing Cert ADFSAuthenticatedSite" -Certificate $cert

# Create the claims mappings. -IncomingClaimType takes the claim type URI that AD FS issues for each claim;
# fill it in from the claim rules of the relying party trust, exactly as AD FS sends it.
$map = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$RoleClaimmap = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# Create a realm variable: assign $realm here. It must equal the relying party identifier
# configured for this SharePoint web application in AD FS.

# Create a sign-in URL variable: assign $signInURL here. It is the HTTPS /adfs/ls endpoint of the AD FS server.

# Create the TrustedIdentityTokenIssuer
$ap1 = New-SPTrustedIdentityTokenIssuer -Name "XYZ" -Description "Test" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map,$upnClaimMap,$RoleClaimmap -SignInUrl $signInURL -IdentifierClaim $map.InputClaimType

· The "Name" parameter is the name of the trusted identity provider as SharePoint knows it. It is the name you reference when binding the provider to a web application, and the label users see in the sign-in provider selector when more than one provider is enabled on a zone.

· The "Realm" parameter is the realm (the wtrealm value) SharePoint sends to AD FS when it redirects a user. It must match, character for character, the relying party identifier configured in the AD FS relying party trust, otherwise AD FS cannot identify the relying party and rejects the request.

· The "ImportTrustCertificate" parameter is the token-signing certificate copied from the AD FS server. SharePoint uses it to verify the signature on every incoming SAML token, and it validates against its own trust store rather than the Windows certificate store, which is why the certificate (and, if it is CA-issued, its issuing chain) also has to be registered with New-SPTrustedRootAuthority.

· The "ClaimsMappings" parameter lists the incoming claims the trusted identity token issuer will accept. Claims that AD FS issues but that are not mapped here are dropped from the SharePoint token.

· The "SignInUrl" is the URL users are redirected to in order to authenticate with the IP-STS. In this scenario users authenticate to the AD FS server with Windows integrated security, so they are redirected to the /adfs/ls endpoint of the AD FS server, over HTTPS.

· The "IdentifierClaim" parameter tells SharePoint Server which of the claims identifies the user. In this scenario the e-mail address is used. The value of this claim becomes part of the user's encoded login name, so choose a claim that is unique and that will not be reassigned to another person; changing it later orphans the permissions already granted to existing users.


This looks very simple, but it can eat a surprising amount of time. Follow the steps in order: a mistake here is hard to revert and just as hard to diagnose.
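Because mistakes are hard to undo, the version below, an added example and not the article's own script, runs the same five steps with the checks, the web-application binding and the rollback path a practitioner wants. The certificate path C:\Certs\ADFSCert.cer, the issuer name "ADFS Provider", the realm urn:sharepoint:portal, the AD FS host adfs.contoso.local, the web application https://portal.contoso.local and the standard e-mail, UPN and role claim type URIs are all assumed values; replace them with the ones configured in your relying party trust.

```powershell
# Added example, not from the original article. All host names, URLs, the realm and the
# certificate path are assumptions; the claim type URIs assume AD FS issues the standard
# e-mail, UPN and role claims to this relying party.
Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue

$certPath   = "C:\Certs\ADFSCert.cer"
$issuerName = "ADFS Provider"
$realm      = "urn:sharepoint:portal"              # must equal the relying party identifier in AD FS (case-sensitive)
$signInUrl  = "https://adfs.contoso.local/adfs/ls"
$webAppUrl  = "https://portal.contoso.local"

# 1. Load the token-signing certificate and refuse anything that cannot be right.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.HasPrivateKey)              { throw "Import only the public token-signing certificate (.cer), never a .pfx with the private key." }
if ($cert.NotAfter -lt (Get-Date))    { throw "Token-signing certificate expired on $($cert.NotAfter); export the current one from AD FS." }
if ($signInUrl -notlike "https://*")  { throw "The sign-in URL must be HTTPS; otherwise tokens travel in clear text." }
Write-Host ("Token-signing cert: {0}, thumbprint {1}, valid until {2}" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter)

# 2. Register the certificate in SharePoint's own trust store (the Windows store is not consulted).
#    If the certificate is CA-issued, register the issuing chain with further New-SPTrustedRootAuthority calls.
if (-not (Get-SPTrustedRootAuthority | Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint })) {
    New-SPTrustedRootAuthority -Name "Token Signing Cert $issuerName" -Certificate $cert | Out-Null
}

# 3. Claim mappings: only mapped claims survive into the SharePoint token.
$emailMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$upnMap   = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$roleMap  = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# 4. Create the issuer only once; a duplicate name fails and a half-created issuer is painful to clean up.
$ap = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction SilentlyContinue
if (-not $ap) {
    $ap = New-SPTrustedIdentityTokenIssuer -Name $issuerName -Description "AD FS 2.0 trusted provider" `
            -Realm $realm -ImportTrustCertificate $cert `
            -ClaimsMappings $emailMap, $upnMap, $roleMap `
            -SignInUrl $signInUrl -IdentifierClaim $emailMap.InputClaimType
}

# 5. Verify what SharePoint actually stored before touching any web application.
$ap = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
if ($ap.SigningCertificate.Thumbprint -ne $cert.Thumbprint) { throw "Issuer is bound to a different signing certificate." }
if ($ap.IdentityClaimTypeInformation.InputClaimType -ne $emailMap.InputClaimType) { throw "Unexpected identifier claim." }
$ap.ClaimTypeInformation | Select-Object DisplayName, InputClaimType, MappedClaimType | Format-Table -AutoSize

# 6. Bind the provider to the Default zone alongside Windows authentication, so the farm
#    administrators and existing Windows users keep working if the federation trust is wrong.
$winAp     = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$trustedAp = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $ap
Set-SPWebApplication -Identity $webAppUrl -Zone "Default" -AuthenticationProvider $winAp, $trustedAp

# Rollback, in this order: detach the provider from every web application that uses it, then remove
# the issuer, then the root authority. Removing the issuer first leaves the zone pointing at a
# provider that no longer exists.
# Set-SPWebApplication -Identity $webAppUrl -Zone "Default" -AuthenticationProvider $winAp
# Remove-SPTrustedIdentityTokenIssuer -Identity $issuerName -Confirm:$false
# Remove-SPTrustedRootAuthority -Identity "Token Signing Cert $issuerName" -Confirm:$false
```

Keeping Windows authentication on the same zone while you test is the one design choice worth defending: if the realm or the identifier claim is wrong, the trusted provider simply fails to sign anyone in, and you still have a working path into Central Administration and the web application to fix or roll back the trust.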


Happy coding.

