Merge pull request #416 from dmilov/topic/dmilov/ssoadmin-externaldomain

Add LDAP Identity Source Functions

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1

@@ -11,7 +11,7 @@
 RootModule = 'VMware.vSphere.SsoAdmin.psm1'
 
 # Version number of this module.
-ModuleVersion = '1.1.0'
+ModuleVersion = '1.2.0'
 
 # ID used to uniquely identify this module
 GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
@@ -34,7 +34,7 @@ RequiredModules = @(
 )
 
 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Add-ExternalDomainIdentitySource', 'Get-IdentitySource')
+FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource')
 
 # Cmdlets to export from this module
 CmdletsToExport = @()

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1

@@ -17,7 +17,7 @@ $PSModuleRoot = $PSModule.ModuleBase
 $subModuleRoot = $PSModuleRoot
 
 if (($PSVersionTable.Keys -contains "PSEdition") -and ($PSVersionTable.PSEdition -ne 'Desktop')) {
-   $subModuleRoot = Join-Path -Path $PSModuleRoot -ChildPath 'netcoreapp2.0'
+   $subModuleRoot = Join-Path -Path $PSModuleRoot -ChildPath 'netcoreapp3.1'
 }
 else {
    $subModuleRoot = Join-Path -Path $PSModuleRoot -ChildPath 'net45'
@@ -1337,9 +1337,8 @@ function Add-ExternalDomainIdentitySource {
    .PARAMETER Passowrd
    Domain authentication password
 
-   .PARAMETER Server
+   .PARAMETER DomainServerType
-   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
-   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
 
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
@@ -1356,18 +1355,6 @@ function Add-ExternalDomainIdentitySource {
       -Username 'sofPowercliAdmin' `
       -Password '$up3R$Tr0Pa$$w0rD'
 
-    .EXAMPLE
-   Add-ExternalDomainIdentitySource `
-      -Name 'sof-powercli' `
-      -DomainName 'sof-powercli.vmware.com' `
-      -DomainAlias 'sof-powercli' `
-      -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
-      -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
-      -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
-      -Username 'sofPowercliAdmin' `
-      -Password '$up3R$Tr0Pa$$w0rD' `
-      -ServerType 'OpenLDAP'
-
    Adds External Identity Source
 #>
 [CmdletBinding()]
@@ -1446,7 +1433,7 @@ function Add-ExternalDomainIdentitySource {
       ValueFromPipeline=$false,
       ValueFromPipelineByPropertyName=$false,
       HelpMessage='External domain server type')]
-   [ValidateSet('ActiveDirectory','OpenLdap','NIS')]
+   [ValidateSet('ActiveDirectory')]
    [string]
    $DomainServerType = 'ActiveDirectory',
 
@@ -1487,6 +1474,278 @@ function Add-ExternalDomainIdentitySource {
    }
 }
 
+function Add-LDAPIdentitySource {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	2/11/2021
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.
+
+   .PARAMETER Name
+   Friendly name of the identity source
+
+   .PARAMETER DomainName
+   Domain name
+
+   .PARAMETER DomainAlias
+   Domain alias
+
+   .PARAMETER PrimaryUrl
+   Primary Server URL
+
+   .PARAMETER BaseDNUsers
+   Base distinguished name for users
+
+   .PARAMETER BaseDNGroups
+   Base distinguished name for groups
+
+   .PARAMETER Username
+   Domain authentication user name
+
+   .PARAMETER Passowrd
+   Domain authentication password
+
+   .PARAMETER ServerType
+   Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
+
+   .PARAMETER Certificates
+   List of X509Certicate2 LDAP certificates
+
+   .PARAMETER Server
+   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+   Adds LDAP Identity Source
+
+   .EXAMPLE
+   Add-LDAPIdentitySource `
+      -Name 'sof-powercli' `
+      -DomainName 'sof-powercli.vmware.com' `
+      -DomainAlias 'sof-powercli' `
+      -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
+      -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
+      -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
+      -Username 'sofPowercliAdmin@sof-powercli.vmware.com' `
+      -Password '$up3R$Tr0Pa$$w0rD' `
+      -Certificates 'C:\Temp\test.cer'
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Friendly name of the identity source')]
+   [ValidateNotNull()]
+   [string]
+   $Name,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [ValidateNotNull()]
+   [string]
+   $DomainName,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [string]
+   $DomainAlias,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false)]
+   [ValidateNotNull()]
+   [string]
+   $PrimaryUrl,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Base distinguished name for users')]
+   [ValidateNotNull()]
+   [string]
+   $BaseDNUsers,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Base distinguished name for groups')]
+   [ValidateNotNull()]
+   [string]
+   $BaseDNGroups,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Domain authentication user name')]
+   [ValidateNotNull()]
+   [string]
+   $Username,
+
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Domain authentication password')]
+   [ValidateNotNull()]
+   [string]
+   $Password,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Ldap Certificates')]
+   [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
+   $Certificates,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Ldap Server type')]
+   [ValidateSet('ActiveDirectory')]
+   [string]
+   $ServerType = 'ActiveDirectory',
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Connected SsoAdminServer object')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+   $Server)
+
+   $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
+   if ($Server -ne $null) {
+      $serversToProcess = $Server
+   }
+
+   try {
+      foreach ($connection in $serversToProcess) {
+         if (-not $connection.IsConnected) {
+            Write-Error "Server $connection is disconnected"
+            continue
+         }
+
+         $connection.Client.AddLdapIdentitySource(
+            $DomainName,
+            $DomainAlias,
+            $Name,
+            $PrimaryUrl,
+            $BaseDNUsers,
+            $BaseDNGroups,
+            $Username,
+            $Password,
+            $ServerType,
+            $Certificates);
+      }
+   } catch {
+      Write-Error (FormatError $_.Exception)
+   }
+}
+
+function Set-LDAPIdentitySource {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	2/17/2021
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.
+
+   .PARAMETER IdentitySource
+   Identity Source to update
+
+   .PARAMETER Certificates
+   List of X509Certicate2 LDAP certificates
+
+   .PARAMETER Server
+   Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
+   If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
+
+   Updates LDAP Identity Source
+
+   .EXAMPLE
+
+   Updates certificate of a LDAP identity source
+
+   Get-IdentitySource -External | `
+   Set-LDAPIdentitySource `
+      -Certificates 'C:\Temp\test.cer'
+#>
+[CmdletBinding()]
+ param(
+   [Parameter(
+      Mandatory=$true,
+      ValueFromPipeline=$true,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Identity source to update')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource]
+   $IdentitySource,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Ldap Certificates')]
+   [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
+   $Certificates,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Connected SsoAdminServer object')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+   $Server)
+
+Process {
+   $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
+   if ($Server -ne $null) {
+      $serversToProcess = $Server
+   }
+
+   try {
+      foreach ($connection in $serversToProcess) {
+         if (-not $connection.IsConnected) {
+            Write-Error "Server $connection is disconnected"
+            continue
+         }
+
+         $connection.Client.UpdateLdapIdentitySource(
+            $IdentitySource.Name,
+            $IdentitySource.FriendlyName,
+            $IdentitySource.PrimaryUrl,
+            $IdentitySource.UserBaseDN,
+            $IdentitySource.GroupBaseDN,
+            $Certificates);
+      }
+   } catch {
+      Write-Error (FormatError $_.Exception)
+   }
+}
+}
+
 function Get-IdentitySource {
 <#
    .NOTES

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/VMware.vSphere.LsClient.csproj

@@ -4,7 +4,7 @@
     <RootNamespace>VMware.vSphere.LsClient</RootNamespace>
     <AssemblyName>VMware.vSphere.LsClient</AssemblyName>
     <Description>vSphere Lookup Service API client.</Description>
-    <TargetFrameworks>net45;netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>net45;netcoreapp3.1</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net45'">
@@ -16,7 +16,7 @@
     <PackageReference Include="System.ServiceModel.Security" Version="4.4.0" />
   </ItemGroup>
   
-  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp2.0'">
+  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
     <PackageReference Include="VMware.System.Private.ServiceModel" Version="4.4.4" />
   </ItemGroup>
 

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Utils/VMware.vSphere.SsoAdmin.Utils.csproj

@@ -4,7 +4,7 @@
     <RootNamespace>VMware.vSphere.SsoAdmin.Utils</RootNamespace>
     <AssemblyName>VMware.vSphere.SsoAdmin.Utils</AssemblyName>
     <Description>vSphere Lookup SsoAdmin utility types.</Description>
-    <TargetFrameworks>net45;netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>net45;netcoreapp3.1</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net45'">
@@ -17,7 +17,7 @@
     <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.0.0" />
   </ItemGroup>
   
-  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp2.0'">
+  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
     <PackageReference Include="Microsoft.WSMan.Runtime" Version="6.1.0" />
     <PackageReference Include="VMware.System.Private.ServiceModel" Version="4.4.4" />
   </ItemGroup>

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs

@@ -7,6 +7,7 @@ using System.Collections.Generic;
 using System.IdentityModel.Selectors;
 using System.Runtime.InteropServices.WindowsRuntime;
 using System.Security;
+using System.Security.Cryptography.X509Certificates;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
 using System.ServiceModel.Security;
@@ -16,7 +17,7 @@ using VMware.Binding.WsTrust;
 using VMware.Binding.WsTrust.SecurityContext;
 using VMware.vSphere.LsClient;
 using VMware.vSphere.SsoAdminClient.DataTypes;
-using VMware.vSphere.SsoAdminClient.SsoAdminServiceReferencer;
+using VMware.vSphere.SsoAdminClient.SsoAdminServiceReference2;
 
 namespace VMware.vSphere.SsoAdminClient
 {
@@ -657,6 +658,106 @@ namespace VMware.vSphere.SsoAdminClient
                })).Wait();
       }
 
+      public void AddLdapIdentitySource(
+         string domainName,
+         string domainAlias,
+         string friendlyName,
+         string primaryUrl,
+         string baseDNUsers,
+         string baseDNGroups,
+         string authenticationUserName,
+         string authenticationPassword,
+         string serverType,
+         X509Certificate2[] ldapCertificates) {
+
+         string authenticationType = "password";
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails {
+            friendlyName = friendlyName,
+            primaryUrl = primaryUrl,
+            userBaseDn = baseDNUsers,
+            groupBaseDn = baseDNGroups
+         };
+
+         if (ldapCertificates != null && ldapCertificates.Length > 0) {
+            var certificates = new List<string>();
+            foreach (var ldapCert in ldapCertificates) {               
+               certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));               
+            }
+
+            if (certificates.Count > 0) {
+               adminLdapIdentitySourceDetails.certificates = certificates.ToArray();
+            }
+         }
+
+         try {         
+            authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.RegisterLdapAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminIdentitySourceManagementService",
+                     Value = "identitySourceManagementService"
+                  },
+                  serverType,
+                  domainName,
+                  domainAlias,
+                  adminLdapIdentitySourceDetails,
+                  authenticationType,
+                  new SsoAdminIdentitySourceManagementServiceAuthenticationCredentials {
+                     username = authenticationUserName,
+                     password = authenticationPassword
+                  })).Wait();
+         } catch (AggregateException e) {
+            throw e.InnerException;
+         }
+      }
+
+      public void UpdateLdapIdentitySource(
+         string name,         
+         string friendlyName,
+         string primaryUrl,
+         string baseDNUsers,
+         string baseDNGroups,         
+         X509Certificate2[] ldapCertificates) {
+                  
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         var adminLdapIdentitySourceDetails = new SsoAdminLdapIdentitySourceDetails {
+            friendlyName = friendlyName,
+            primaryUrl = primaryUrl,
+            userBaseDn = baseDNUsers,
+            groupBaseDn = baseDNGroups
+         };
+
+         if (ldapCertificates != null && ldapCertificates.Length > 0) {
+            var certificates = new List<string>();
+            foreach (var ldapCert in ldapCertificates) {
+               certificates.Add(Convert.ToBase64String(ldapCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
+            }
+
+            if (certificates.Count > 0) {
+               adminLdapIdentitySourceDetails.certificates = certificates.ToArray();
+            }
+         }
+
+         try {
+            authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.UpdateLdapAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminIdentitySourceManagementService",
+                     Value = "identitySourceManagementService"
+                  },
+                  name,
+                  adminLdapIdentitySourceDetails)).Wait();
+         } catch (AggregateException e) {
+            throw e.InnerException;
+         }
+      }
+
       public IEnumerable<IdentitySource> GetDomains() {
          var authorizedInvocationContext =
             CreateAuthorizedInvocationContext();

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/VMware.vSphere.SsoAdminClient.csproj

@@ -4,14 +4,14 @@
     <RootNamespace>VMware.vSphere.SsoAdminClient</RootNamespace>
     <AssemblyName>VMware.vSphere.SsoAdminClient</AssemblyName>
     <Description>SSO Admin API client.</Description>
-    <TargetFrameworks>net45;netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>net45;netcoreapp3.1</TargetFrameworks>
   </PropertyGroup>
   
   <PropertyGroup Condition=" '$(TargetFramework)' == 'net45' ">
     <DefineConstants>$(DefineConstants);NET45</DefineConstants>
   </PropertyGroup>
   
-  <PropertyGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">
+  <PropertyGroup Condition=" '$(TargetFramework)' == 'netcoreapp3.1' ">
     <DefineConstants>$(DefineConstants);NETCORE20</DefineConstants>
   </PropertyGroup>
   
@@ -24,7 +24,7 @@
     <PackageReference Include="System.ServiceModel.Security" Version="4.4.0" />
   </ItemGroup>
   
-  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp2.0'">
+  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
     <PackageReference Include="VMware.System.Private.ServiceModel" Version="4.4.4" />
   </ItemGroup>
   

Modules/VMware.vSphere.SsoAdmin/src/build.ps1

@@ -49,7 +49,7 @@ param($OutputFolder)
          "VMware.vSphere.LsClient",
          "bin",
          $Configuration,
-         "netcoreapp2.0",
+         "netcoreapp3.1",
          "VMware.vSphere.LsClient.dll")
 
       $net45LsSource = [IO.Path]::Combine(
@@ -67,7 +67,7 @@ param($OutputFolder)
          "VMware.vSphere.SsoAdminClient",
          "bin",
          $Configuration,
-         "netcoreapp2.0",
+         "netcoreapp3.1",
          "VMware.vSphere.SsoAdminClient.dll")
 
       $net45SsoAdminSource = [IO.Path]::Combine(
@@ -85,7 +85,7 @@ param($OutputFolder)
          "VMware.vSphere.SsoAdmin.Utils",
          "bin",
          $Configuration,
-         "netcoreapp2.0",
+         "netcoreapp3.1",
          "VMware.vSphere.SsoAdmin.Utils.dll")
 
       $net45UtilsSource = [IO.Path]::Combine(
@@ -98,7 +98,7 @@ param($OutputFolder)
          "VMware.vSphere.SsoAdmin.Utils.dll")
 
 
-      $netcoreTarget = Join-Path $OutputFolder "netcoreapp2.0"
+      $netcoreTarget = Join-Path $OutputFolder "netcoreapp3.1"
       $net45Target = Join-Path $OutputFolder "net45"
 
       Copy-Item -Path $netcoreLsSource -Destination $netcoreTarget -Force

Modules/VMware.vSphere.SsoAdmin/src/test/ConnectDisconnect.Tests.ps1

@@ -38,11 +38,11 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
             -SkipCertificateCheck
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.GetType().FullName | Should Be 'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer'
+         $actual.GetType().FullName | Should -Be 'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer'
-         $actual.IsConnected | Should Be $true
+         $actual.IsConnected | Should -Be $true
-         $actual.Name | Should Be $VcAddress
+         $actual.Name | Should -Be $VcAddress
-         $global:DefaultSsoAdminServers | Should Contain $actual
+         $global:DefaultSsoAdminServers | Should -Contain $actual
       }
 
       It 'Connect-SsoAdminServer throws error on invalid password' {
@@ -54,7 +54,7 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
             -Password ($Password + "invalid") `
             -SkipCertificateCheck `
             -ErrorAction Stop } | `
-         Should Throw "Invalid credentials"
+         Should -Throw "Invalid credentials"
       }
 
       It 'Connect-SsoAdminServer throws error on invalid Tls Certificate' {
@@ -65,7 +65,7 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
             -User $User `
             -Password $Password `
             -ErrorAction Stop } | `
-         Should Throw "The SSL connection could not be established, see inner exception."
+         Should -Throw "The SSL connection could not be established, see inner exception."
       }
    }
 
@@ -82,8 +82,8 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
          $expected | Disconnect-SsoAdminServer
 
          # Assert
-         $global:DefaultSsoAdminServers | Should Not Contain $expected
+         $global:DefaultSsoAdminServers | Should -Not -Contain $expected
-         $expected.IsConnected | Should Be $false
+         $expected.IsConnected | Should -Be $false
       }
 
       It 'Diconnect-SsoAdminServer disconnects the currently connected SSO in case there is 1 SSO server' {
@@ -98,8 +98,8 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
          Disconnect-SsoAdminServer -server $expected
 
          # Assert
-         $global:DefaultSsoAdminServers | Should Not Contain $expected
+         $global:DefaultSsoAdminServers | Should -Not -Contain $expected
-         $expected.IsConnected | Should Be $false
+         $expected.IsConnected | Should -Be $false
       }
 
       It 'Diconnect-SsoAdminServer does not disconnect if connected to more than 1 SSO server' {
@@ -118,13 +118,13 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
          # Act
 
          # Assert
-         $connection2 | Should Be $connection1
+         $connection2 | Should -Be $connection1
-         $connection2.RefCount | Should Be 2
+         $connection2.RefCount | Should -Be 2
 
          Disconnect-SsoAdminServer
 
          $connection2.IsConnected | Should -Contain $true
-         $connection2.RefCount | Should Be 1
+         $connection2.RefCount | Should -Be 1
       }
 
       It 'Diconnect-SsoAdminServer does disconnect via pipeline if connected to more than 1 SSO server' {
@@ -143,9 +143,9 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
          # Act
          $connection1, $connection2 | Disconnect-SsoAdminServer
          # Assert
-         $global:DefaultSsoAdminServers.Count | Should Be 0
+         $global:DefaultSsoAdminServers.Count | Should -Be 0
-         $connection1.IsConnected | Should Be $false
+         $connection1.IsConnected | Should -Be $false
-         $connection2.IsConnected | Should Be $false
+         $connection2.IsConnected | Should -Be $false
       }
 
       It 'Disconnects disconnected object' {
@@ -160,11 +160,11 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
 
          # Act
          { Disconnect-SsoAdminServer -Server $expected } | `
-         Should Not Throw
+         Should -Not -Throw
 
          # Assert
-         $global:DefaultSsoAdminServers | Should Not Contain $expected
+         $global:DefaultSsoAdminServers | Should -Not -Contain $expected
-         $expected.IsConnected | Should Be $false
+         $expected.IsConnected | Should -Be $false
       }
 
       It 'Disconnects DefaultSsoAdminServers when * is specified on -Server parameter' {
@@ -180,8 +180,8 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
 
 
          # Assert
-         $global:DefaultSsoAdminServers.Count | Should Be 0
+         $global:DefaultSsoAdminServers.Count | Should -Be 0
-         $expected.IsConnected | Should Be $false
+         $expected.IsConnected | Should -Be $false
       }
 
       It 'Disconnects server specified as string that is equal to VC Address' {
@@ -197,8 +197,8 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
 
 
          # Assert
-         $global:DefaultSsoAdminServers.Count | Should Be 0
+         $global:DefaultSsoAdminServers.Count | Should -Be 0
-         $expected.IsConnected | Should Be $false
+         $expected.IsConnected | Should -Be $false
       }
 
       It 'Disconnect-SsoAdminServer fails when string that does not match any servers is specified' {
@@ -210,13 +210,13 @@ Describe "Connect-SsoAdminServer and Disconnect-SsoAdminServer Tests" {
                -SkipCertificateCheck
 
          # Act
-         { Disconnect-SsoAdminServer -Server "testserver" } | Should Throw
+         { Disconnect-SsoAdminServer -Server "testserver" } | Should -Throw
 
 
          # Assert
-         $global:DefaultSsoAdminServers.Count | Should Be 1
+         $global:DefaultSsoAdminServers.Count | Should -Be 1
-         $global:DefaultSsoAdminServers[0] | Should Be $expected
+         $global:DefaultSsoAdminServers[0] | Should -Be $expected
-         $expected.IsConnected | Should Be $true
+         $expected.IsConnected | Should -Be $true
 
          # Cleanup
          Disconnect-SsoAdminServer -Server $expected

Modules/VMware.vSphere.SsoAdmin/src/test/Group.Tests.ps1

@@ -42,10 +42,10 @@ Describe "Get-SsoGroup Tests" {
          $actual = Get-SsoGroup
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Count | Should BeGreaterThan 0
+         $actual.Count | Should -BeGreaterThan 0
-         $actual[0].Name | Should Not Be $null
+         $actual[0].Name | Should -Not -Be $null
-         $actual[0].Domain | Should Be 'localos'
+         $actual[0].Domain | Should -Be 'localos'
       }
 
       It 'Gets groups for default domain' {
@@ -64,10 +64,10 @@ Describe "Get-SsoGroup Tests" {
             -Domain $newPersonUser.Domain
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Count | Should BeGreaterThan 0
+         $actual.Count | Should -BeGreaterThan 0
-         $actual[0].Name | Should Not Be $null
+         $actual[0].Name | Should -Not -Be $null
-         $actual[0].Domain | Should Be $newPersonUser.Domain
+         $actual[0].Domain | Should -Be $newPersonUser.Domain
 
          # Cleanup
          Remove-SsoPersonUser -User $newPersonUser

Modules/VMware.vSphere.SsoAdmin/src/test/IdentitySource.Tests.ps1

@@ -42,9 +42,9 @@ Describe "Get-IdentitySource Tests" {
          $actual = Get-IdentitySource
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Count | Should BeGreaterThan 1
+         $actual.Count | Should -BeGreaterThan 1
-         $actual[0].NAme | Should Be 'localos'
+         $actual[0].NAme | Should -Be 'localos'
       }
 
       It 'Gets localos only identity source' {
@@ -52,9 +52,9 @@ Describe "Get-IdentitySource Tests" {
          $actual = Get-IdentitySource -Localos
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Count | Should Be 1
+         $actual.Count | Should -Be 1
-         $actual[0].NAme | Should Be 'localos'
+         $actual[0].Name | Should -Be 'localos'
       }
 
        It 'Gets all available identity sources' {
@@ -62,10 +62,10 @@ Describe "Get-IdentitySource Tests" {
          $actual = Get-IdentitySource -Localos -System
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Count | Should Be 2
+         $actual.Count | Should -Be 2
-         $actual[0].Name | Should Be 'localos'
+         $actual[0].Name | Should -Be 'localos'
-         $actual[0].Name | Should Not Be $null
+         $actual[0].Name | Should -Not -Be $null
       }
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/test/LockoutPolicy.Tests.ps1

@@ -42,7 +42,7 @@ Describe "LockoutPolicy Tests" {
          $actual = Get-SsoLockoutPolicy
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
       }
    }
 
@@ -60,11 +60,11 @@ Describe "LockoutPolicy Tests" {
             -MaxFailedAttempts $expectedMaxFailedAttempts
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.AutoUnlockIntervalSec | Should Be $expectedAutoUnlockIntervalSec
+         $actual.AutoUnlockIntervalSec | Should -Be $expectedAutoUnlockIntervalSec
-         $actual.MaxFailedAttempts | Should Be $expectedMaxFailedAttempts
+         $actual.MaxFailedAttempts | Should -Be $expectedMaxFailedAttempts
-         $actual.FailedAttemptIntervalSec | Should Be $lockoutPolicyToUpdate.FailedAttemptIntervalSec
+         $actual.FailedAttemptIntervalSec | Should -Be $lockoutPolicyToUpdate.FailedAttemptIntervalSec
-         $actual.Description | Should Be $lockoutPolicyToUpdate.Description
+         $actual.Description | Should -Be $lockoutPolicyToUpdate.Description
 
          # Cleanup
          $lockoutPolicyToUpdate | Set-SsoLockoutPolicy

Modules/VMware.vSphere.SsoAdmin/src/test/LsClient.Tests.ps1

@@ -40,8 +40,8 @@ Describe "Lookup Service Client Integration Tests" {
          $actual = $script:lsClient.GetSsoAdminEndpointUri()
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.ToString().StartsWith("https://$VCAddress/sso-adminserver/sdk/") | Should Be $true
+         $actual.ToString().StartsWith("https://$VCAddress/sso-adminserver/sdk/") | Should -Be $true
       }
 
       It 'Gets STS API Url' {
@@ -49,8 +49,8 @@ Describe "Lookup Service Client Integration Tests" {
          $actual = $script:lsClient.GetStsEndpointUri()
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.ToString().StartsWith("https://$VCAddress/sts/STSService") | Should Be $true
+         $actual.ToString().StartsWith("https://$VCAddress/sts/STSService") | Should -Be $true
       }
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/test/PasswordPolicy.Tests.ps1

@@ -42,7 +42,7 @@ Describe "PasswordPolicy Tests" {
          $actual = Get-SsoPasswordPolicy
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
       }
    }
 
@@ -60,18 +60,18 @@ Describe "PasswordPolicy Tests" {
             -PasswordLifetimeDays $expectedPasswordLifetimeDays
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.MaxLength | Should Be $expectedMaxLength
+         $actual.MaxLength | Should -Be $expectedMaxLength
-         $actual.PasswordLifetimeDays | Should Be $expectedPasswordLifetimeDays
+         $actual.PasswordLifetimeDays | Should -Be $expectedPasswordLifetimeDays
-         $actual.Description | Should Be $passwordPolicyToUpdate.Description
+         $actual.Description | Should -Be $passwordPolicyToUpdate.Description
-         $actual.ProhibitedPreviousPasswordsCount | Should Be $passwordPolicyToUpdate.ProhibitedPreviousPasswordsCount
+         $actual.ProhibitedPreviousPasswordsCount | Should -Be $passwordPolicyToUpdate.ProhibitedPreviousPasswordsCount
-         $actual.MinLength | Should Be $passwordPolicyToUpdate.MinLength
+         $actual.MinLength | Should -Be $passwordPolicyToUpdate.MinLength
-         $actual.MaxIdenticalAdjacentCharacters | Should Be $passwordPolicyToUpdate.MaxIdenticalAdjacentCharacters
+         $actual.MaxIdenticalAdjacentCharacters | Should -Be $passwordPolicyToUpdate.MaxIdenticalAdjacentCharacters
-         $actual.MinNumericCount | Should Be $passwordPolicyToUpdate.MinNumericCount
+         $actual.MinNumericCount | Should -Be $passwordPolicyToUpdate.MinNumericCount
-         $actual.MinSpecialCharCount | Should Be $passwordPolicyToUpdate.MinSpecialCharCount
+         $actual.MinSpecialCharCount | Should -Be $passwordPolicyToUpdate.MinSpecialCharCount
-         $actual.MinAlphabeticCount | Should Be $passwordPolicyToUpdate.MinAlphabeticCount
+         $actual.MinAlphabeticCount | Should -Be $passwordPolicyToUpdate.MinAlphabeticCount
-         $actual.MinUppercaseCount | Should Be $passwordPolicyToUpdate.MinUppercaseCount
+         $actual.MinUppercaseCount | Should -Be $passwordPolicyToUpdate.MinUppercaseCount
-         $actual.MinLowercaseCount | Should Be $passwordPolicyToUpdate.MinLowercaseCount
+         $actual.MinLowercaseCount | Should -Be $passwordPolicyToUpdate.MinLowercaseCount
 
          # Cleanup
          $passwordPolicyToUpdate | Set-SsoPasswordPolicy
@@ -89,18 +89,18 @@ Describe "PasswordPolicy Tests" {
             -MinUppercaseCount $expectedMinUppercaseCount
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Description | Should Be $expectedDescription
+         $actual.Description | Should -Be $expectedDescription
-         $actual.MinUppercaseCount | Should Be $expectedMinUppercaseCount
+         $actual.MinUppercaseCount | Should -Be $expectedMinUppercaseCount
-         $actual.MaxLength | Should Be $passwordPolicyToUpdate.MaxLength
+         $actual.MaxLength | Should -Be $passwordPolicyToUpdate.MaxLength
-         $actual.PasswordLifetimeDays | Should Be $passwordPolicyToUpdate.PasswordLifetimeDays
+         $actual.PasswordLifetimeDays | Should -Be $passwordPolicyToUpdate.PasswordLifetimeDays
-         $actual.ProhibitedPreviousPasswordsCount | Should Be $passwordPolicyToUpdate.ProhibitedPreviousPasswordsCount
+         $actual.ProhibitedPreviousPasswordsCount | Should -Be $passwordPolicyToUpdate.ProhibitedPreviousPasswordsCount
-         $actual.MinLength | Should Be $passwordPolicyToUpdate.MinLength
+         $actual.MinLength | Should -Be $passwordPolicyToUpdate.MinLength
-         $actual.MaxIdenticalAdjacentCharacters | Should Be $passwordPolicyToUpdate.MaxIdenticalAdjacentCharacters
+         $actual.MaxIdenticalAdjacentCharacters | Should -Be $passwordPolicyToUpdate.MaxIdenticalAdjacentCharacters
-         $actual.MinNumericCount | Should Be $passwordPolicyToUpdate.MinNumericCount
+         $actual.MinNumericCount | Should -Be $passwordPolicyToUpdate.MinNumericCount
-         $actual.MinSpecialCharCount | Should Be $passwordPolicyToUpdate.MinSpecialCharCount
+         $actual.MinSpecialCharCount | Should -Be $passwordPolicyToUpdate.MinSpecialCharCount
-         $actual.MinAlphabeticCount | Should Be $passwordPolicyToUpdate.MinAlphabeticCount
+         $actual.MinAlphabeticCount | Should -Be $passwordPolicyToUpdate.MinAlphabeticCount
-         $actual.MinLowercaseCount | Should Be $passwordPolicyToUpdate.MinLowercaseCount
+         $actual.MinLowercaseCount | Should -Be $passwordPolicyToUpdate.MinLowercaseCount
 
          # Cleanup
          $passwordPolicyToUpdate | Set-SsoPasswordPolicy

Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1

@@ -63,14 +63,14 @@ Describe "PersonUser Tests" {
          $script:usersToCleanup += $actual
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.GetType().FullName | Should Be 'VMware.vSphere.SsoAdminClient.DataTypes.PersonUser'
+         $actual.GetType().FullName | Should -Be 'VMware.vSphere.SsoAdminClient.DataTypes.PersonUser'
-         $actual.Name | Should Be $expectedUserName
+         $actual.Name | Should -Be $expectedUserName
-         $actual.Domain | Should Not Be $null
+         $actual.Domain | Should -Not -Be $null
-         $actual.Description | Should Be $expectedDescription
+         $actual.Description | Should -Be $expectedDescription
-         $actual.FirstName | Should Be $expectedFirstName
+         $actual.FirstName | Should -Be $expectedFirstName
-         $actual.LastName | Should Be $expectedLastName
+         $actual.LastName | Should -Be $expectedLastName
-         $actual.EmailAddress | Should Be $expectedEmailAddress
+         $actual.EmailAddress | Should -Be $expectedEmailAddress
       }
 
       It 'Creates person user without details' {
@@ -92,14 +92,14 @@ Describe "PersonUser Tests" {
          $script:usersToCleanup += $actual
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.GetType().FullName | Should Be 'VMware.vSphere.SsoAdminClient.DataTypes.PersonUser'
+         $actual.GetType().FullName | Should -Be 'VMware.vSphere.SsoAdminClient.DataTypes.PersonUser'
-         $actual.Name | Should Be $expectedUserName
+         $actual.Name | Should -Be $expectedUserName
-         $actual.Domain | Should Not Be $null
+         $actual.Domain | Should -Not -Be $null
-         $actual.Description | Should Be $null
+         $actual.Description | Should -Be $null
-         $actual.FirstName | Should Be $null
+         $actual.FirstName | Should -Be $null
-         $actual.LastName | Should Be $null
+         $actual.LastName | Should -Be $null
-         $actual.EmailAddress | Should Be $null
+         $actual.EmailAddress | Should -Be $null
       }
    }
 
@@ -116,10 +116,10 @@ Describe "PersonUser Tests" {
          $actual = Get-SsoPersonUser
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Count | Should BeGreaterThan 0
+         $actual.Count | Should -BeGreaterThan 0
-         $actual[0].Name | Should Not Be $null
+         $actual[0].Name | Should -Not -Be $null
-         $actual[0].Domain | Should Be 'localos'
+         $actual[0].Domain | Should -Be 'localos'
       }
 
       It 'Gets person users by name (exact match) and domain filters' {
@@ -153,10 +153,10 @@ Describe "PersonUser Tests" {
             -Server $connection
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Name | Should Be $expectedUserName
+         $actual.Name | Should -Be $expectedUserName
-         $actual.Domain | Should Not Be $null
+         $actual.Domain | Should -Not -Be $null
-         $actual.Domain | Should Be $personUserToSearch.Domain
+         $actual.Domain | Should -Be $personUserToSearch.Domain
       }
 
       It 'Gets person users by name (* wildcard match) and domain filters' {
@@ -190,10 +190,10 @@ Describe "PersonUser Tests" {
             -Server $connection
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Count | Should Be 2
+         $actual.Count | Should -Be 2
-         $actual.Name | Should Contain $expectedUserName
+         $actual.Name | Should -Contain $expectedUserName
-         $actual.Name | Should Contain $secondUserName
+         $actual.Name | Should -Contain $secondUserName
       }
 
       It 'Gets person users by name (? wildcard match) and domain filters' {
@@ -227,10 +227,10 @@ Describe "PersonUser Tests" {
             -Server $connection
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.Count | Should Be 2
+         $actual.Count | Should -Be 2
-         $actual.Name | Should Contain $expectedUserName
+         $actual.Name | Should -Contain $expectedUserName
-         $actual.Name | Should Contain $secondUserName
+         $actual.Name | Should -Contain $secondUserName
       }
 
       It 'Gets person users by unexisting name does not return' {
@@ -258,7 +258,7 @@ Describe "PersonUser Tests" {
             -Server $connection
 
          # Assert
-         $actual | Should Be $null
+         $actual | Should -Be $null
       }
    }
 
@@ -292,7 +292,7 @@ Describe "PersonUser Tests" {
             -Add
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
       }
 
       It 'Removes person user from group' {
@@ -329,7 +329,7 @@ Describe "PersonUser Tests" {
             -Remove
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
       }
 
       It 'Resets person user password' {
@@ -356,7 +356,7 @@ Describe "PersonUser Tests" {
             -NewPassword $newPassword
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
       }
 
       It 'Unlocks not locked person user' {
@@ -382,7 +382,7 @@ Describe "PersonUser Tests" {
             -Unlock
 
          # Assert
-         $actual | Should Be $null
+         $actual | Should -Be $null
       }
    }
 
@@ -407,12 +407,12 @@ Describe "PersonUser Tests" {
          Remove-SsoPersonUser -User $personUserToRemove
 
          # Assert
-         $personUserToRemove | Should Not Be $null
+         $personUserToRemove | Should -Not -Be $null
          $userFromServer = Get-SsoPersonUser `
             -Name $personUserToRemove.Name `
             -Domain $personUserToRemove.Domain `
             -Server $connection
-         $userFromServer | Should Be $null
+         $userFromServer | Should -Be $null
       }
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/test/RunTests.ps1

@@ -17,20 +17,35 @@ param(
 )
 
 function Test-PesterIsAvailable() {
-   $pesterModule = Get-Module Pester -List
+   $pesterModules = Get-Module Pester -ListAvailable
-   if ($pesterModule -eq $null) {
+   $pesterModule = $null
-      throw "Pester Module is not available"
+   # Search for Pester 4.X
+   foreach ($p in $pesterModules) {
+      if ($p.Version -ge [version]"5.0.0") {
+         $pesterModule = $p
+         break
       }
+   }
+
+   if ($pesterModule -eq $null) {
+      throw "Pester Module version 5.X is not available"
+   }
+
+   Import-Module -Name $pesterModule.Name -RequiredVersion $pesterModule.RequiredVersion
 }
 
 Test-PesterIsAvailable
 
-Invoke-Pester `
+$testsData = @{
-   -Script @{
-       Path = $PSScriptRoot
-       Parameters = @{
     VcAddress = $VcAddress
     User = $User
     Password = $Password
-      }
+}
-   }
+
+$pesterContainer = New-PesterContainer -Path $PSScriptRoot -Data $testsData
+$pesterConfiguration = [PesterConfiguration]::Default
+
+$pesterConfiguration.Run.Path = $PSScriptRoot
+$pesterConfiguration.Run.Container = $pesterContainer
+
+Invoke-Pester -Configuration $pesterConfiguration

Modules/VMware.vSphere.SsoAdmin/src/test/TokenLifetime.Tests.ps1

@@ -42,9 +42,9 @@ Describe "TokenLifetime Tests" {
          $actual = Get-SsoTokenLifetime
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.MaxHoKTokenLifetime | Should BeGreaterThan 0
+         $actual.MaxHoKTokenLifetime | Should -BeGreaterThan 0
-         $actual.MaxBearerTokenLifetime | Should BeGreaterThan 0
+         $actual.MaxBearerTokenLifetime | Should -BeGreaterThan 0
       }
    }
 
@@ -62,9 +62,9 @@ Describe "TokenLifetime Tests" {
             -MaxBearerTokenLifetime $expectedMaxBearerTokenLifetime
 
          # Assert
-         $actual | Should Not Be $null
+         $actual | Should -Not -Be $null
-         $actual.MaxHoKTokenLifetime | Should Be $expectedMaxHoKTokenLifetime
+         $actual.MaxHoKTokenLifetime | Should -Be $expectedMaxHoKTokenLifetime
-         $actual.MaxBearerTokenLifetime | Should Be $expectedMaxBearerTokenLifetime
+         $actual.MaxBearerTokenLifetime | Should -Be $expectedMaxBearerTokenLifetime
 
          # Cleanup
          $tokenLifetimeToUpdate | Set-SsoTokenLifetime `