I have an ADFS environment configured with a second Claim Provider alongside the default Active Directory Claim Provider.

HomeRealm discovery is "disabled" because I have set my Web Application to only use the non-AD Claim Provider.

The current claim rules are configured so that claims coming from the second Claim Provider are included in the Auth token issued to clients connecting to my Web Application.

Is it possible to configure the claim rules to have claim data coming from both Active Directory and the second Claim Provider be included in the Auth token?

For example: Google[mail] + ActiveDirectory[samAccountName] => Auth Token

boraseoksoon
Dscoduc

1 Answer

Yes, it is possible. The key point is how to map the "user" returned from the second Claim Provider trust to an AD user. Usually the token must contain a claim which can be used to query a respective user in AD. The following link shows how to query more claims from AD for such a scenario: https://blogs.msdn.microsoft.com/pinch-perfect/2015/09/14/querying-attributes-from-active-directory-using-adfs-with-a-3rd-party-identity-provider/

Thuan
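As an added illustration of the pattern the answer describes (this is example code written for this page, not the answer's or the linked blog's own rules): the Relying Party trust's issuance transform rules pass the email claim from the second Claim Provider through, then use that email as the key for a lookup in the Active Directory attribute store so the AD `sAMAccountName` is issued alongside it. The RP trust name and the email claim type are assumptions; the example also assumes the AD attribute store accepts a two-part query of the form `LDAP filter;attribute list` with the external claim value substituted into the filter, which is the technique the linked blog relies on.

```powershell
# Added example, not from the original post. Assumes the Relying Party trust
# is named "MyWebApp" and that the second Claim Provider issues the standard
# emailaddress claim type.

$rules = @'
@RuleName = "Pass through email from the external Claim Provider"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);

@RuleName = "Look up the AD account by email and issue sAMAccountName"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(store = "Active Directory",
          types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"),
          // Assumption: two-part query (LDAP filter;attributes). {0} is replaced
          // by the email value carried in the incoming claim.
          query = "(&(objectClass=user)(mail={0}));sAMAccountName",
          param = c.Value);
'@

# Apply the issuance transform rules to the Relying Party trust.
Set-AdfsRelyingPartyTrust -TargetName "MyWebApp" -IssuanceTransformRules $rules

# Review the rules that are now in effect on the trust.
(Get-AdfsRelyingPartyTrust -Name "MyWebApp").IssuanceTransformRules
```

Two points worth checking before relying on this mapping: the attribute used as the join key (`mail` here) should be unique in AD and should be a value the external Claim Provider actually verifies, since whatever the provider asserts in that claim decides which AD account's attributes end up in the token; and when the LDAP filter matches no account, the second rule simply issues nothing, so the application should treat a token without `windowsaccountname` as an unmapped user rather than assume the lookup succeeded.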