Although I don't recall the correct terminology, my understanding is that a particular relay application may be provisioned separately for intranet only, or both intranet and internet. I would be interested to pass the information about which of the two endpoints was used for each new session into the assertions to the SAML SP, so that particular permissions depended on the "login origin". Does ADFS make that information available in any claim type for mapping?
1 Answer
If you go to ADFS directly (as opposed to via the WAP) you get the claim:
http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork

rbrayb