Obtain NameIdentifier (sub) in AD FS

Question

I would like to obtain the sub (NameIdentifier) of a user for an AD FS application in order to allow him to identify in an application's user table.

This is completely On-Premises set up.

score 0 · Answer 1 · answered Jan 28 '20 at 20:26

0

From memory, its returned in the id_token but you can always get it via the ADFS userinfo endpoint.

This always returns the subject claim as specified in the OpenID standards.

answered Jan 28 '20 at 20:26

rbrayb

I was looking for a simple way like `Get-ADUser` with Powershell to add new users sub to the users table in the application. If not, is there a way 'easily' consume the ADFS userinfo endpoint as an admin? – carraua Jan 29 '20 at 08:14
https://stackoverflow.com/q/42131776/9922 – rbrayb Jan 29 '20 at 17:46

1 Answers1