Citrix StoreFront SDK PowerShell Modules

Add-STFAuthenticationServiceTokenService

Add token creation and validation for external service

Syntax

Add-STFAuthenticationServiceTokenService [-CertificateId] <String> [-AuthenticationService] <AuthenticationService> [-RealmId] <String> [-ServiceName] <String> [-AllowedAudiences] <Uri[]> [[-Claims] <Hashtable>] [[-DefaultTokenLifeTime] <TimeSpan>] [[-MaximumTokenLifeTime] <TimeSpan>] [-ValidationServiceId] <String> [<CommonParameters>]



Add-STFAuthenticationServiceTokenService [-Certificate] <X509Certificate2> [-AuthenticationService] <AuthenticationService> [-RealmId] <String> [-ServiceName] <String> [-AllowedAudiences] <Uri[]> [[-Claims] <Hashtable>] [[-DefaultTokenLifeTime] <TimeSpan>] [[-MaximumTokenLifeTime] <TimeSpan>] [-ValidationServiceId] <String> [<CommonParameters>]
<!--NeedCopy-->

Detailed Description

Configures the Authentication service to produce tokens for an external service and validate them.

Parameters

Name Description Required? Pipeline Input Default Value
AuthenticationService The authentication service to update true true (ByValue)  
RealmId The identifier used to reference the service, the realm should match that used in the authentication challenge of the protected service true false  
CertificateId The identifier of an authentication service certificate true false  
Certificate An X509Certificate2 with private key for encryption and decryption true false  
ServiceName The name of the service that token validation is being configured for true false  
AllowedAudiences The allowed audiences for this token validation service true false  
Claims The claims to respond with for token validation false false  
DefaultTokenLifeTime The default token lifetime false false  
MaximumTokenLifeTime The maximum token lifetime false false  
ValidationServiceId The identifier to assign the token validation service configuration true false  

Input Type

Citrix.StoreFront.Model.Authentication.AuthenticationService

Parameter AuthenticationService: A .NET class representing the configuration of a StoreFront Authentication service

System.String

Parameter RealmId: The .NET System.String reference type

System.String

Parameter CertificateId: The .NET System.String reference type

System.Security.Cryptography.X509Certificates.X509Certificate2

Parameter Certificate: The .NET System.Security.Cryptography.X509Certificates.X509Certificate2 reference type

System.String

Parameter ServiceName: The .NET System.String reference type

System.Uri[]

Parameter AllowedAudiences: The .NET System.Uri reference type

System.Collections.Hashtable

Parameter Claims: The .NET System.Collections.Hashtable reference type

System.TimeSpan

Parameter DefaultTokenLifeTime: The .NET System.TimeSpan value type

System.TimeSpan

Parameter MaximumTokenLifeTime: The .NET System.TimeSpan value type

System.String

Parameter ValidationServiceId: The .NET System.String reference type

Return Values

TokenServicesConfiguration

The .NET Citrix.StoreFront.Model.Authentication.TokenServicesConfiguration reference type

Examples

EXAMPLE 1 Add Token Services for Secure Private Access

$authService = Get-STFAuthenticationService -VirtualPath '/Citrix/Store'
Add-STFAuthenticationTokenService -AuthenticationService $authService `
-Realm (New-Guid) `
-CertificateId $authService.Certificates[0].Id `
-ServiceName 'SPA Broker' `
-AllowedAudiences @('https://spa.broker.com', 'https://company.storefront.com') `
-Claims @{'SIDClaimType' = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid', 'DirectoryClaimType' = 'uri:citrix.deliveryservices.claim.directoryproperties'} `
-DefaultTokenLifeTime (New-TimeSpan -Hours 1) `
-MaximumTokenLifeTime (New-TimeSpan -Hours 1) `
-ValidationServiceId 'secureAccessTvs'
<!--NeedCopy-->

REMARKS

Creates the configuration for StoreFront to produce and validate authentication tokens for Secure Private Access.

OUTPUT

RelyingParty                         TokenValidator                                                             
TokenManager
------------                         --------------                                                             
------------
2e7217ee-46de-4ab2-8ddc-aadb02047046 secureAccessTvs:9y7R3nDVkGgXMOJ9GnqVHZpscchhCqXksa7QpiHXXiYUVN0FZfRxdAqo57 SPA 
Token Validation Service
<!--NeedCopy-->

EXAMPLE 2 Add Token Services for Secure Private Access with new certificate

$authService = Get-STFAuthenticationService -VirtualPath '/Citrix/Store'
Add-STFAuthenticationTokenService -AuthenticationService $authService `
-Realm (New-Guid) `
-Certificate (New-STFSelfSignedCertificate -FriendlyName "SPATrust") `
-ServiceName 'SPA Broker' `
-AllowedAudiences @('https://spa.broker.com', 'https://company.storefront.com') `
-Claims @{'SIDClaimType' = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid', 'DirectoryClaimType' = 'uri:citrix.deliveryservices.claim.directoryproperties'} `
-DefaultTokenLifeTime (New-TimeSpan -Hours 1) `
-MaximumTokenLifeTime (New-TimeSpan -Hours 1) `
-ValidationServiceId 'secureAccessTvs'
<!--NeedCopy-->

REMARKS

Creates the configuration for StoreFront using a user supplied certificate to produce and validate authentication

tokens for Secure Private Access.

OUTPUT

RelyingParty                         TokenValidator                                                             
TokenManager
------------                         --------------                                                             
------------
2e7217ee-46de-4ab2-8ddc-aadb02047046 secureAccessTvs:9y7R3nDVkGgXMOJ9GnqVHZpscchhCqXksa7QpiHXXiYUVN0FZfRxdAqo57 SPA 
Token Validation Service
<!--NeedCopy-->
Add-STFAuthenticationServiceTokenService