Adding Email and Role claim types to SharePoint 2010 for use with AD FS 2.0 via PowerShell in order to make your web application claims-aware.

When using this mixture of claim types, it's important to add them when you create the authentication token provider. If you add them afterwards as an afterthought, it won't work.

Add-PSSnapin -Name Microsoft.SharePoint.PowerShell

$claim = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming

$claim2 = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\path-to-certificate\certificate.cer")

$realm = "urn:" + $env:ComputerName + ":adfs"

$signinurl = ""

$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS20Server" -Description "ADFS 2.0 Federated Server" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $claim,$claim2 -SignInUrl $signinurl -IdentifierClaim $claim.InputClaimType


$uri = New-Object System.Uri("")

$ap.ProviderRealms.Add($uri, "urn:" + $env:ComputerName + ":adfssite")

$ap.Update()
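Because the claim mappings have to be in place when the token issuer is created, it is worth checking the result straight after running the script. The following is an added example, not part of the original post: the function name `Test-AdfsTokenIssuer`, the 30-day certificate warning threshold and the HTTPS check on the sign-in URL are assumptions, while the issuer name and claim display names are the ones used above.

```powershell
Add-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: returns a list of problems found on the trusted issuer.
function Test-AdfsTokenIssuer {
    param(
        [string]$Name = "ADFS20Server",                         # issuer name from the script above
        [string[]]$ExpectedClaims = @("EmailAddress", "Role"),  # display names from the script above
        [int]$CertWarnDays = 30                                 # assumed warning threshold
    )

    $issuer = Get-SPTrustedIdentityTokenIssuer -Identity $Name -ErrorAction Stop
    $problems = @()

    # Both mappings must have been passed to -ClaimsMappings at creation time.
    $mapped = @($issuer.ClaimTypeInformation | ForEach-Object { $_.DisplayName })
    foreach ($claimName in $ExpectedClaims) {
        if ($mapped -notcontains $claimName) {
            $problems += "Missing claim mapping: $claimName"
        }
    }

    # The script above sets the e-mail mapping as the identifier claim.
    $identity = $issuer.IdentityClaimTypeInformation
    if ($identity.DisplayName -ne "EmailAddress") {
        $problems += "Identifier claim is '$($identity.DisplayName)', expected EmailAddress"
    }

    # An expired token-signing certificate breaks every federated sign-in.
    $cert = $issuer.SigningCertificate
    if ($cert.NotAfter -lt (Get-Date).AddDays($CertWarnDays)) {
        $problems += "Signing certificate $($cert.Thumbprint) expires $($cert.NotAfter)"
    }

    # The sign-in URL carries the authentication redirect, so it should use TLS.
    if ($issuer.ProviderUri.Scheme -ne "https") {
        $problems += "Sign-in URL is not HTTPS: $($issuer.ProviderUri)"
    }

    # List the per-site realms so a missing ProviderRealms entry is visible.
    foreach ($site in $issuer.ProviderRealms.Keys) {
        Write-Host "Realm for $site -> $($issuer.ProviderRealms[$site])"
    }

    return $problems
}

Test-AdfsTokenIssuer | ForEach-Object { Write-Warning $_ }
```

No warnings means both mappings, the identifier claim, the certificate and the sign-in URL passed the checks.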