Fix claims type

Author: PatAltimore

docset/winserver2022-ps/adfs/Add-AdfsLocalClaimsProviderTrust.md

@@ -36,8 +36,8 @@ This includes other, untrusted, Active Directory forests or domains, Active Dire
 ```
 PS C:\> $Credential = Get-Credential
 PS C:\ > $LdapConn = New-AdfsLdapServerConnection -HostName "DomainContoller03.contoso.com" -Port 389 -SslMode None -AuthenticationMethod Basic -Credential $Credential
-PS C:\ > $DisplayName = New-AdfsLdapAttributeToClaimMapping -LdapAttribute "displayName" -ClaimType "https://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname"
-PS C:\> Add-AdfsLocalClaimsProviderTrust -Name "testldap" -Identifier "urn:testldap" -Type ldap -LdapServerConnection $LdapConn -UserObjectClass user -UserContainer "CN=Users,DC=<sub_domain_name>,DC=<domain_name>,DC=com" -LdapAuthenticationMethod Basic -AnchorClaimLdapAttribute userPrincipalName -AnchorClaimType "https://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -AcceptanceTransformRules "c:[] => issue(claim=c);" -Enabled $True -OrganizationalAccountSuffix "TSQA.contoso.com" - LdapAttributeToClaimMapping $DisplayName
+PS C:\ > $DisplayName = New-AdfsLdapAttributeToClaimMapping -LdapAttribute "displayName" -ClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname"
+PS C:\> Add-AdfsLocalClaimsProviderTrust -Name "testldap" -Identifier "urn:testldap" -Type ldap -LdapServerConnection $LdapConn -UserObjectClass user -UserContainer "CN=Users,DC=<sub_domain_name>,DC=<domain_name>,DC=com" -LdapAuthenticationMethod Basic -AnchorClaimLdapAttribute userPrincipalName -AnchorClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -AcceptanceTransformRules "c:[] => issue(claim=c);" -Enabled $True -OrganizationalAccountSuffix "TSQA.contoso.com" - LdapAttributeToClaimMapping $DisplayName
 ```
 
 The first command prompts you for a user name and password by using the **Get-Credential** cmdlet.

docset/winserver2022-ps/adfs/Add-AdfsNonClaimsAwareRelyingPartyTrust.md

@@ -33,14 +33,14 @@ The Web Application Proxy requests such tokens for pre-authentication to web app
 
 ### Example 1: Add a non-claims-aware relying party trust for an application
 ```
-PS C:\> Add-AdfsNonClaimsAwareRelyingPartyTrust -Name "ExpenseReport" -Identifier "https://contosoexpense/" -IssuanceAuthorizationRules "=>issue(Type = "https://schemas.microsoft.com/authorization/claims/permit", Value = "true");"
+PS C:\> Add-AdfsNonClaimsAwareRelyingPartyTrust -Name "ExpenseReport" -Identifier "https://contosoexpense/" -IssuanceAuthorizationRules "=>issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");"
 ```
 
 This command adds a non-claims-aware relying party trust for the application named ExpenseReport and allows all authenticated users to access this application through the Web Application Proxy.
 
 ### Example 2: Add a non-claims-aware relying party trust that restricts access to an application
 ```
-PS C:\> Add-AdfsNonClaimsAwareRelyingPartyTrust -Name "ExpenseReport" -Identifier "https://contosoexpense/" -IssuanceAuthorizationRules "c:[type=="https://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser"]=>issue(Type = "https://schemas.microsoft.com/authorization/claims/permit", Value = "true");"
+PS C:\> Add-AdfsNonClaimsAwareRelyingPartyTrust -Name "ExpenseReport" -Identifier "https://contosoexpense/" -IssuanceAuthorizationRules "c:[type=="http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser"]=>issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");"
 ```
 
 This command adds a non-claims-aware relying party trust for the application named ExpenseReport and restricts access to this application, through the Web Application Proxy, to only users from their workplace-joined devices.

docset/winserver2022-ps/adfs/Get-AdfsAdditionalAuthenticationRule.md

@@ -30,11 +30,11 @@ Applications that use protocols like WS-Trust will fail to obtain a security tok
 ### Example 1: Retrieve the global additional authentication rules
 ```
 PS C:\> Get-AdfsAdditionalAuthenticationRule
-c:[Type == "https://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser", Value == "false"]
-=> issue(Type = "https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "https://schemas.microsoft.com/claims/multipleauthn");
+c:[Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser", Value == "false"]
+=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");
 
-c:[Type == "https://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
-=> issue(Type = "https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "https://schemas.microsoft.com/claims/multipleauthn");
+c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
+=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");
 ```
 
 This command retrieves the global additional authentication rules configured for AD FS.

docset/winserver2022-ps/adfs/Get-AdfsAuthenticationProvider.md

@@ -32,7 +32,7 @@ AdminName                          : Forms Authentication
 AllowedForPrimaryExtranet          : True
 AllowedForPrimaryIntranet          : True
 AllowedForAdditionalAuthentication : False
-AuthenticationMethods              : {urn:oasis:names:tc:SAML:1.0:am:password, urn:oasis:names:tc:SAML:2.0:ac:classes:Password, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, https://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password}
+AuthenticationMethods              : {urn:oasis:names:tc:SAML:1.0:am:password, urn:oasis:names:tc:SAML:2.0:ac:classes:Password, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password}
 Descriptions                       : {}
 DisplayNames                       : {}
 Name                               : FormsAuthentication
@@ -44,7 +44,7 @@ AdminName                          : Windows Authentication
 AllowedForPrimaryExtranet          : False
 AllowedForPrimaryIntranet          : True
 AllowedForAdditionalAuthentication : False
-AuthenticationMethods              : {urn:ietf:rfc:1510, urn:federation:authentication:windows, urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, https://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/kerberos...} Descriptions                       : {}
+AuthenticationMethods              : {urn:ietf:rfc:1510, urn:federation:authentication:windows, urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/kerberos...} Descriptions                       : {}
 DisplayNames                       : {}
 Name                               : WindowsAuthentication
 IdentityClaims                     : {}

docset/winserver2022-ps/adfs/Get-AdfsProperties.md

@@ -30,15 +30,15 @@ PS C:\> Get-AdfsProperties
 
 
 AcceptableIdentifiers                      : {}
-AddProxyAuthorizationRules                 : exists([Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-32-544", Issuer =~ "^AD AUTHORITY$"]) =>
-issue(Type = "https://schemas.microsoft.com/authorization/claims/permit", Value = "true");
-c:[Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^AD AUTHORITY$" ]
+AddProxyAuthorizationRules                 : exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-32-544", Issuer =~ "^AD AUTHORITY$"]) =>
+issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
+c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^AD AUTHORITY$" ]
 =>
-issue(store="_ProxyCredentialStore",types=("https://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustManagerSid({0})",
+issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustManagerSid({0})",
 param=c.Value );
-c:[Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid", Issuer =~ "^SELF AUTHORITY$" ]
+c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid", Issuer =~ "^SELF AUTHORITY$" ]
 =>
-issue(store="_ProxyCredentialStore",types=("https://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustProvisioned({0})",
+issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustProvisioned({0})",
 param=c.Value );
 ArtifactDbConnection                       : Data Source=np:\\.\pipe\microsoft##wid\tsql\query;Initial Catalog=AdfsArtifactStore;Integrated Security=True
 AuthenticationContextOrder                 : {urn:oasis:names:tc:SAML:2.0:ac:classes:Password, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,

docset/winserver2022-ps/adfs/Get-AdfsWebApplicationProxyRelyingPartyTrust.md

@@ -34,19 +34,19 @@ PS C:\> Get-AdfsWebApplicationProxyRelyingPartyTrust
 AlwaysRequireAuthentication   : False
 Enabled                       : True
 Identifier                    : {urn:AppProxy:com}
-IssuanceAuthorizationRules    : @RuleTemplate="AllowAllAuthzRule" => issue(Type = "https://schemas.contoso.com/authorization/claims/permit", Value="true");
+IssuanceAuthorizationRules    : @RuleTemplate="AllowAllAuthzRule" => issue(Type = "http://schemas.contoso.com/authorization/claims/permit", Value="true");
 IssuanceTransformRules        : @RuleTemplate="PassThroughClaims"
 @RuleName="Pass Through Application Identifier"
-c:[Type == "https://schemas.contoso.com/2012/01/requestcontext/claims/relyingpartytrustid"] => issue(claim = c);
+c:[Type == "http://schemas.contoso.com/2012/01/requestcontext/claims/relyingpartytrustid"] => issue(claim = c);
 @RuleTemplate="PassThroughClaims"
 @RuleName="Pass Through Device Registration Identifier"
-c:[Type == "https://schemas.contoso.com/2012/01/devicecontext/claims/registrationid"] => issue(claim = c);
+c:[Type == "http://schemas.contoso.com/2012/01/devicecontext/claims/registrationid"] => issue(claim = c);
 @RuleTemplate="PassThroughClaims"
 @RuleName="Pass Through UPN"
-c:[Type == "https://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"] => issue(claim = c);
+c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"] => issue(claim = c);
 @RuleTemplate="PassThroughClaims"
 @RuleName="Pass Through Activity ID"
-c:[Type == "https://schemas.contoso.com/2012/01/requestcontext/claims/client-request-id"] => issue(claim = c);
+c:[Type == "http://schemas.contoso.com/2012/01/requestcontext/claims/client-request-id"] => issue(claim = c);
 
 AdditionalAuthenticationRules :
 Name                          : urn:AppProxy:com

docset/winserver2022-ps/adfs/New-AdfsAccessControlPolicy.md

@@ -87,14 +87,14 @@ This command changes the relying party to use a new template.
 ### Example 9: Complicated conditions with specific claims
 ```
 PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName DemoRP -AccessControlPolicyParameters`
-    @{"SPParameter"= @{ClaimType="https://schemas.xmlsoap.org/ws/2005/05/identity/claims/OfficeLocation"; Operator="Equals"; Value="Redmond"}}
+    @{"SPParameter"= @{ClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/OfficeLocation"; Operator="Equals"; Value="Redmond"}}
 ```
 
 ### Example 10: Two specific claims for single parameter
 ```
 PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName "DemoRP" -AccessControlPolicyParameters`
-    @{"SPParameter"= (@{ClaimType="https://schemas.xmlsoap.org/ws/2005/05/identity/claims/OfficeLocation"; Operator="Equals"; Value=("Redmond","DC")},`
-                      @{ClaimType="https://schemas.xmlsoap.org/ws/2005/05/identity/claims/Department"; Operator="Equals"; Value="Azure"})}
+    @{"SPParameter"= (@{ClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/OfficeLocation"; Operator="Equals"; Value=("Redmond","DC")},`
+                      @{ClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Department"; Operator="Equals"; Value="Azure"})}
 ```
 
 ## PARAMETERS

docset/winserver2022-ps/adfs/New-AdfsLdapAttributeToClaimMapping.md

@@ -27,7 +27,7 @@ Mappings make it possible for LDAP attributes to be available for claim rule pro
 
 ### Example 1: Create a mapping of an LDAP directory attribute
 ```
-PS C:\> $DisplayName = New-AdfsLdapAttributeToClaimMapping -LdapAttribute "displayName" -ClaimType "https://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname"
+PS C:\> $DisplayName = New-AdfsLdapAttributeToClaimMapping -LdapAttribute "displayName" -ClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname"
 ```
 
 This command creates a mapping of an LDAP directory attribute to a claim type.

docset/winserver2022-ps/adfs/Set-AdfsAdditionalAuthenticationRule.md

@@ -41,7 +41,7 @@ You can also set rules on the individual relying party trust using the **Set-Adf
 
 ### Example 1: Set a global additional authentication rule
 ```
-PS C:\> Set-AdfsAdditionalAuthenticationRule -AdditionalAuthenticationRules 'c:[type == "https://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", value == "false"] => issue(type = "https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", value = "https://schemas.microsoft.com/claims/multipleauthn" );'
+PS C:\> Set-AdfsAdditionalAuthenticationRule -AdditionalAuthenticationRules 'c:[type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", value == "false"] => issue(type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", value = "http://schemas.microsoft.com/claims/multipleauthn" );'
 ```
 
 This command sets an additional authentication rule to require multiple-factor authentication.