4

I'm attempting to run a Powershell cmdlet that only accepts one of three specific parameters. I'm positive that I know what those parameters are, and that I am entering those parameters correctly. I am running Powershell as an Administrator, and I am positive that both the associated Powershell module is loaded, and that the cmdlet I am attempting is valid & loaded from that module.

The cmdlet is Set-ADFSRelyingPartyTrust -SamlResponseSignature and the valid Parameters are MessageOnly AssertionOnly and MessageAndAssertion as supplied by: https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsrelyingpartytrust?view=winserver2012r2-ps

The issue I get is that no matter which of those three I try, I get the error:

Set-AdfsRelyingPartyTrust : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Set-AdfsRelyingPartyTrust -SamlResponseSignature MessageAndAssertion
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-AdfsRelyingPartyTrust], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.IdentityServer.Management.Commands.SetRelyingPartyTrustCommamd

Frustratingly, if I run the cmdlet with a known bad parameter, with a -Whatif, it reports:

Set-AdfsRelyingPartyTrust : Cannot validate argument on parameter 'SamlResponseSignature'. 
The argument "False" does not belong to the set "AssertionOnly,MessageAndAssertion,MessageOnly" 
specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.

Even if I copy+paste a value from the reported set, I get the same error. What the hell am I doing wrong?

I apologize if this has already been answered. Every search result I viewed only dealt with what to do if that error pops up as part of a larger script, or the poster was unsure of the valid paramater set. I could find no discussion on this error when the cmdlet is run standalone, and the parameter set is known.

Zoredache
  • 128,755
  • 40
  • 271
  • 413
AESD_Mike
  • 43
  • 3

1 Answers1

3

If you look carefully at the docs, you can see three parameter sets, If you look closely you will see that all the parameters except for 1 unique paramater. This 1 unique parameter also happens to be be required.

So for the commandlet Set-ADFSRelyingPartyTrust you must specify the target in one of three ways.

You must have one of the following:

  • -TargetRelyingParty
  • -TargetIdentifier
  • -TargetName

Note how in the docs most of the parameters have square brackets but these 3 parameters do not, also they are rendered with a different color. Those differences are telling you that these are required.

Zoredache
  • 128,755
  • 40
  • 271
  • 413