4.4 Managing the AD FS Adapter Mobile

After you have installed the AD FS Adapter Mobile, you can manage its settings using a provided suite of PowerShell scripts and a JSON configuration file.

4.4.1 Configuration file

The AD FS Adapter Mobile configuration is stored in a JSON file called MobileAdfsAdapter.json in the ADFS_Adapter_Mobile folder.

If you have manually unregistered the AD FS Adapter Mobile and want to register it again, you can run the following PowerShell script:

• RegisterADFSProvider.ps1 – this script reads the information in the configuration file and uses it to register the AD FS Adapter Mobile.

You can also make changes to the configuration file and apply new settings.

To edit and apply new configuration settings:

1. In the ADFS_Adapter_Mobile folder, open the following file in a text editor:

   MobileAdfsAdapter.json

2. Edit the following values:

   • logFilePath

   • logLevel

     For details of setting up logging, see section 4.5.1, Setting up AD FS Adapter Mobile logging.

   • maxRetries – set this to the number of polling attempts the AD FS Adapter will make to the MyID Verification Service to check if verification is complete before failing.

     The default is 100.

   • retryDelayMs – set this to the delay in milliseconds between each polling attempt retry.

     The default is 1000.

   The configuration file also contains settings that you provided when running the installation program, including:

   • server – the URL of the MyID Verification Service.

   • userlookup – the method of user identification with the MyID Verification Service. This can be one of the following:

     • "incoming-claim" – based on the claim provided by the Relying Party, which is predominantly UPN (this is the default).

     • "upn" – treats the input as an UPN.

     • "emailaddress" – treats the input as an email address.

   • requestBody – the push notification settings, including:
     • title – the title of the notification.
     • body – the text in the notification.
   • certFinder – the details of the mutual TLS certificate, including:
     • storeLocation – the location of the store.
     • storeName – the name of the store.
     • mTlsThumbprint – the thumbprint of the certificate.

   You are recommended to use the installation program if you want to change any of these settings. See section 4.3, Installing the AD FS Adapter Mobile for details.

3. Save the MobileAdfsAdapter.json file.

4. Run the ReconfigureADFSProvider.ps1 PowerShell script to apply the changes.

   This script unregisters the AD FS Adapter, then re-registers it using the updated settings.

4.4.2 Managing themes

After you have installed the AD FS Adapter, the Intercede branding files are stored in the Themes folder in the installation folder.

Note: The themes folder is shared between the AD FS Adapter OAuth and the AD FS Adapter Mobile, if you have both installed.

The MyIDAuthTheme2019 folder contains files used for Windows Server 2019 or Windows Server 2022, and includes custom images, CSS, JavaScript and HTML. You are not expected to edit these files. The MyIDAuthTheme folder contains files previously used for systems running Windows Server 2016.

You can apply and remove these themes using the following PowerShell scripts:

• ApplyCustomTheme.ps1

  This script applies the Intercede branding to the Relying Party Trust selected at installation time.

• RemoveCustomTheme.ps1

  This script removes the Intercede branding from the Relying Party Trust selected at installation time.