I am new to ADFS claim rules, but I managed to configure the normal mapping. Now my customer asked me to add 4 static letters like "1234" in front of an incoming LDAP attribute. For example, add "1234" in front of the "E-Mail-Addresses" attribute. I have read about the claim rule language syntax but wasn't able to find an add function.

RayofCommand

1 Answer

Sample rules below.

@RuleName = "add temp claim email to pipeline as a var for processing"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://temp.org/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "massage var to issue real email claim"
c:[Type == "http://temp.org/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = "1234" + c.Value);

This will result in issuing an email claim with value 1234john@contoso.com when the AD mail attribute has john@contoso.com as the attribute value.

You should review https://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx as it has lots of good examples on syntax.

Then create the claimsxray relying party as per https://adfshelp.microsoft.com/ClaimsXray/TokenRequest and test your rules. Once you have a set of rules that work, you can use them on the real intended relying party.

maweeras