
How to create a claims-aware application with the script.

We have a script that creates a claims-aware application on your system for testing purposes. It works
like your real application. The script runs on Windows Server 2012 or later. See the script below.

ClaimsWebScriptAndSite.zip

Copy the above zip file to your IIS server and extract all files into a folder; for example, I copied
all files to the temp folder c:\temp\.

This folder contains a PowerShell script and a deploy folder.

The PowerShell script creates the website, creates pools in IIS and copies all files from the deploy
folder (SourcePath) to the site's physical path (SitePhysicalPath), adding your ADFS server details and
your IIS server details.

Note: Before running the PowerShell script you need to make one major change in the script. You need to
give the path to the Windows Server 2012 installation media so that the script can install the ASP.NET
feature. For example, I give the path
-Source D:\sources\sxs

Before Changes

After Changes

Open PowerShell as administrator and run the command with the details below:

1. SourcePath: The path where you extracted the script files, such as c:\temp\deploy.
2. SiteName: The name of the site that will be created in IIS, as well as the application pool. We
named the ADFS site adfstest.
3. SitePhysicalPath: The location on disk where the template site will be copied. We used
C:\sites\adfstest
4. ADFSServer: The hostname/FQDN of your ADFS server.
5. AppFQDN: The fully qualified domain name of your test application. This will be set as a
binding on the site in IIS. We use app.micu.tech

Command:

.\deploy-testsite.ps1 -SourcePath C:\Temp\deploy -SiteName adfstest -SitePhysicalPath C:\sites\adfstest -ADFSServer MICUADFS -AppFQDN app.micu.tech

Create the relying party application and relying party trust.


1. Relying Party Application: This is the application or service that relies on the claims for
authentication.
2. Relying Party Trust: The relying party trust is the connection between the relying party
application and our ADFS infrastructure. It's what we configure in ADFS to make the whole
thing work.

Thanks to this script, the relying party application is created automatically when you run the
script, so we don't need to create the relying party application. We only need to create the relying
party trust on the ADFS server.

1. Copy the metadata file from your web application server to the ADFS server. The metadata file is
in the site physical path you gave when running the script; in our case
C:\sites\adfstest.
2. Once you have the metadata file, open the ADFS Management console, right-click on
"Relying Party Trusts" and then choose "Add Relying Party Trust."
3. Choose to import data about the relying party from a file. Give the path where you copied the
metadata file and click Next.
4. Give the relying party trust a name and description and click Next.
5. In the permissions window, give access rights to all users ("Permit all users to access this
relying party"), then click Next and Finish.
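
The same import can be scripted on the ADFS server, with a check of the metadata before it is trusted. This is an added example, not part of ClaimsWebScriptAndSite.zip; the metadata file name and location and the trust name are assumptions, and it assumes the metadata identifies the application by URL.

```powershell
# Added example: validate the copied metadata, then create the relying party trust.
# $MetadataFile and $TrustName are assumed values, not taken from the deploy script.
param(
    [string]$MetadataFile = 'C:\temp\FederationMetadata.xml',
    [string]$AppFQDN      = 'app.micu.tech',
    [string]$TrustName    = 'adfstest'
)

[xml]$md = Get-Content -LiteralPath $MetadataFile -Raw

# The entityID becomes the relying party identifier in ADFS.
$entityId = $md.DocumentElement.GetAttribute('entityID')
if (-not $entityId) { throw "No entityID found in $MetadataFile" }

# Gather the identifier and every endpoint ADFS would send tokens to:
# WS-Federation <Address> elements and SAML Location attributes.
$urls  = @($entityId)
$urls += @($md.SelectNodes("//*[local-name()='Address']") | ForEach-Object { $_.InnerText.Trim() })
$urls += @($md.SelectNodes('//@Location') | ForEach-Object { $_.Value })

# Refuse metadata that would deliver tokens over HTTP or to another host.
foreach ($u in $urls) {
    $uri = [uri]$u
    if ($uri.Scheme -ne 'https') { throw "Non-HTTPS URL in metadata: $u" }
    if ($uri.Host -ne $AppFQDN)  { throw "Unexpected host in metadata: $u" }
}

# Same choice as step 5 in the wizard: permit all users (test environment only).
$permitAll = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataFile $MetadataFile -IssuanceAuthorizationRules $permitAll

# Confirm what was registered.
Get-AdfsRelyingPartyTrust -Name $TrustName | Select-Object Name, Identifier, Enabled
```

Run it in an elevated PowerShell session on the ADFS server; if a check throws, inspect the metadata file before importing it by hand.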

Add your web application URL to the trusted sites in IE on your Windows client

Internet Options > Security tab > Local Intranet > click the Sites button > Advanced. There, add
your STS URL (i.e., https://app.micu.tech and sts.micu.tech)

Once you have added the URLs to the trusted sites, open your application URL and check.
