Change the SPTrustedIdentityTokenIssuer

Apr 13, 2015 at 6:36 PM
We are going through an upgrade from ADFS 2 to ADFS 3. Is there a way to easily change the claim provider from one token issuer to the new one? For example, it's assigned to ADFS SAML Provider, but once I install the new one I need it to be on ADFS 3 SAML Provider.
Coordinator
Apr 21, 2015 at 9:43 AM
Hello,
To easily remove (dissociate) a claims provider from a trust, you can use the commands below in PowerShell, but note that this is not officially supported since it uses reflection to access a private member of the object:
$t = Get-SPTrustedIdentityTokenIssuer "SPTrust"
$t.GetType().GetField("m_ClaimProviderName","NonPublic,Instance").SetValue($t, $null)
$t.Update()
The alternative is to delete the trust and recreate it.

Once you've done that, you can easily associate the claims provider to the new trust using the steps in the homepage.

thanks
Yvan
Apr 21, 2015 at 1:50 PM
I actually found a way to overwrite the cert for the token and update the login URL. This fixed my issue.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\ADFSNewCert.cer")
Get-SPTrustedIdentityTokenIssuer "TrustedIdentityTokenIssuerName" | Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate $cert

$t1 = Get-SPTrustedIdentityTokenIssuer "TrustedIdentityTokenIssuerName"
$t1.ProviderUri = "https://signintest.ohiohealth.com/adfs/ls"
$t1.Update()
Marked as answer by MrBush1987 on 4/21/2015 at 6:50 AM
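
Added example, not part of the original thread or of the project's code: a check to run after overwriting the signing certificate and sign-in URL as in the accepted answer, confirming the trust now holds the expected certificate, HTTPS endpoint and claims provider. The function name Test-TrustAfterChange, the sample object, its thumbprints and the adfs.example.test URL are constructed for illustration.

```powershell
# Added example. Reports differences between a trust and the values expected after
# the certificate and sign-in URL change. An empty result means everything matches.
function Test-TrustAfterChange {
    param(
        [Parameter(Mandatory = $true)] $Trust,
        [Parameter(Mandatory = $true)] [string] $ExpectedThumbprint,
        [Parameter(Mandatory = $true)] [string] $ExpectedProviderUri,
        [string] $ExpectedClaimProvider,
        [datetime] $Now = (Get-Date)
    )
    $findings = @()
    $cert = $Trust.SigningCertificate
    if ($null -eq $cert) {
        $findings += "no signing certificate on the trust"
    } else {
        # Thumbprints copied from the certificate dialog often contain spaces.
        $want = $ExpectedThumbprint -replace '\s', ''
        if ($cert.Thumbprint -ne $want) {
            $findings += "signing certificate is $($cert.Thumbprint), expected $want"
        }
        if ($Now -lt $cert.NotBefore -or $Now -gt $cert.NotAfter) {
            $findings += "signing certificate is outside its validity period"
        }
    }
    $uri = [uri] "$($Trust.ProviderUri)"
    if (-not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') {
        $findings += "sign-in URL is missing or not HTTPS: '$uri'"
    } elseif ($uri.AbsoluteUri -ne ([uri] $ExpectedProviderUri).AbsoluteUri) {
        $findings += "sign-in URL is $uri, expected $ExpectedProviderUri"
    }
    if ($ExpectedClaimProvider -and $Trust.ClaimProviderName -ne $ExpectedClaimProvider) {
        $findings += "claims provider is '$($Trust.ClaimProviderName)', expected '$ExpectedClaimProvider'"
    }
    $findings
}

# Constructed sample standing in for a trust that still holds an old, expired certificate.
$sample = New-Object psobject -Property @{
    ClaimProviderName  = 'SampleClaimProvider'
    ProviderUri        = [uri] 'https://adfs.example.test/adfs/ls'
    SigningCertificate = New-Object psobject -Property @{
        Thumbprint = '1111111111111111111111111111111111111111'
        NotBefore  = [datetime] '2012-01-01'
        NotAfter   = [datetime] '2015-01-01'
    }
}
Test-TrustAfterChange -Trust $sample -ExpectedProviderUri 'https://adfs.example.test/adfs/ls' `
    -ExpectedThumbprint '22 22 2222222222222222222222222222222222'
```

On a farm, pass the object returned by Get-SPTrustedIdentityTokenIssuer as -Trust and the thumbprint of the new ADFS token-signing certificate as -ExpectedThumbprint.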