Adding claim mapping to existing provider in SPS 2010

What if you want to add another claim attribute, for example “Role”, to an existing trust provider? Nothing simpler: run PowerShell and you will find the Add-SPClaimTypeMapping cmdlet, which should allow you to do exactly what is requested. The problem is that the examples provided in the TechNet documentation and in the cmdlet help don't necessarily fit the cmdlet syntax, like this one:

Get-SPTrustedIdentityProvider –Name "LiveIDSTS" | Add-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "PUID" -LocalClaimType

What to do then? Here is a simple example of how to add a new claim mapping to an existing trust provider:

$map2 = New-SPClaimTypeMapping "" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
$ti = Get-SPTrustedIdentityTokenIssuer -Identity "ADFS20Server"
Add-SPClaimTypeMapping -Identity $map2 -TrustedIdentityTokenIssuer $ti

Quick check:

PS C:\> (Get-SPTrustedIdentityTokenIssuer -Identity "ADFS20Server").ClaimTypes
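The same steps as a re-runnable script that only adds the mapping when it is missing and then confirms it landed. This is an added example, not code from the original post. The claim type URI is an assumption (the standard role claim type); substitute the type your STS actually issues.

```powershell
# Added example, not from the original post.
# Load the SharePoint snap-in when running outside the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName  = "ADFS20Server"   # issuer name used in the post
# Assumed value: the standard role claim type URI. Replace with the type your STS sends.
$claimType   = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
$displayName = "Role"

# Fail early if the trusted issuer does not exist.
$ti = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction Stop

# Look for an existing mapping of this incoming claim type.
$existing = $ti.ClaimTypeInformation |
    Where-Object { $_.InputClaimType -eq $claimType }

if ($existing) {
    Write-Host "Mapping for $claimType already present as '$($existing.DisplayName)'; nothing to do."
}
else {
    $map = New-SPClaimTypeMapping -IncomingClaimType $claimType `
        -IncomingClaimTypeDisplayName $displayName -SameAsIncoming
    Add-SPClaimTypeMapping -Identity $map -TrustedIdentityTokenIssuer $ti -ErrorAction Stop

    # Re-read the issuer from the farm and confirm the mapping was persisted.
    $ti = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction Stop
    $added = $ti.ClaimTypeInformation |
        Where-Object { $_.InputClaimType -eq $claimType }
    if (-not $added) {
        throw "Claim mapping for $claimType was not found on '$issuerName' after the add."
    }
    Write-Host "Added mapping '$displayName' to '$issuerName'."
}

# Review every mapping the issuer now carries; role claims feed authorization,
# so an unexpected entry here is worth investigating.
$ti.ClaimTypeInformation |
    Select-Object DisplayName, InputClaimType, MappedClaimType |
    Format-Table -AutoSize
```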
