WS-Federation supports both Active Directory Federation Services and Azure Active Directory.

You first need to configure ADFS or AzureAD to support Universal.

Configuring ADFS for Universal

Service Settings

Relying Parties

You need to configure the following Relying Parties settings for Universal. On the Identifiers tab, provide the URL to the Universal website. HTTPS is required.

On the Endpoints tab. You'll need to include a WS-Federation Passive Endpoint. Make sure to include the trailing slash.

You can configure additional claims you'd like to use if you are using policies in Universal.

Configuring For Azure Active Directory

Follow the documentation for the Azure Active Directory configuration found on this Microsoft Document.

Configuring Universal

After configuring ADFS or AAD, you can now provide the properties to Universal for the MetadataAddress and Wtrealm. Read about these settings on the our Settings page.

Here is an example of how to update the appsettings.json file to accommodate the correct settings for WS-Federation.

  "Kestrel": {
    "Endpoints": {
      "HTTP": {
        "Url": "http://*:5000"
    "RedirectToHttps": "false"
  "ApplicationInsights": {
    "InstrumentationKey": ""
  "Logging": {
    "Path": "%PROGRAMDATA%/PowerShellUniversal/log.txt",
    "RetainedFileCountLimit": 31,
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
  "AllowedHosts": "*",
  "CorsHosts": "",
  "Data": {
    "RepositoryPath": "%ProgramData%\\UniversalAutomation\\Repository",
    "ConnectionString": "%ProgramData%\\UniversalAutomation\\database.db",
    "GitRemote": "",
    "GitUserName": "",
    "GitPassword": "", 
    "ConfigurationScript": ""
  "Api": {
    "Url": ""
  "Authentication" : {
    "Windows": {
      "Enabled": "false"
    "WSFed": {
        "Enabled": "true",
        "MetadataAddress": "https://ironman.local:443/FederationMetadata/2007-06/FederationMetadata.xml",
        "Wtrealm": "https://ironman.local:12345",
        "CallbackPath": "/auth/signin-wsfed"
    "OIDC": {
      "Enabled": "false",
      "CallbackPath": "/auth/signin-oidc",
      "ClientID": "",
      "ClientSecret": "",
      "Resource": "",
      "Authority": "",
      "ResponseType": "",
      "SaveTokens": "false"
    "SessionTimeout": "25"
  "Jwt": {  
    "SigningKey": "PleaseUseYourOwnSigningKeyHere",  
    "Issuer": "IronmanSoftware",
    "Audience": "PowerShellUniversal"
  "UniversalDashboard": {
    "AssetsFolder": "%ProgramData%\\PowerShellUniversal\\Dashboard"
  "ShowDevTools": false,
  "HideAdminConsole": false

Last updated

Copyright 2022 Ironman Software