TechOnTip Weblog

Run book for Technocrats

ADFS: NameID Claim with Additional Properties

Posted by Brajesh Panda on May 26, 2016

Lately I was doing a SaaS application (Axxerion) integration with our ADFS. They had a requirement to get a few things as additional properties, i.e. spnamequalifier, namequalifier, and the NameID format set to transient.

Here is what I came up with. They also needed UPN for validation. So in the 1st rule I am creating two outgoing claims. In the 2nd custom rule, I am adding attributes to the outgoing NameID claim. The final claim screenshot is at the bottom.

Claim Rules

Rule 1:

[Image: claim]

Rule 2:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer,
          OriginalIssuer = c.OriginalIssuer,
          Value = c.Value,
          ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "https://<Adfs_URL>/adfs/ls/",
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "https://test.axxerion.us/axxerion/");

SAML Claim through SAML Tracer
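As an added example (not code from the original post), the Python sketch below decodes a base64 SAMLResponse as captured from the browser and checks that the Subject NameID carries the Format, NameQualifier and SPNameQualifier attributes that Rule 2 sets. The sample response, the host adfs.example.test (standing in for <Adfs_URL>), the NameID value and the function names are all constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def nameid_from_response(saml_response_b64):
    """Decode a base64 SAMLResponse (HTTP-POST binding) and return the
    Subject NameID as a dict of its value and XML attributes.
    Inspection only: no signature validation, so use it on responses you
    captured yourself, never as an authentication check."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None:  # e.g. the assertion is encrypted
        raise ValueError("no saml:Subject/saml:NameID in response")
    return {"Value": (node.text or "").strip(), **node.attrib}

def check_nameid(nameid, idp_qualifier, sp_qualifier):
    """Return a list of findings; an empty list means the NameID matches."""
    expected = {"Format": TRANSIENT,
                "NameQualifier": idp_qualifier,
                "SPNameQualifier": sp_qualifier}
    findings = [f"{k}: expected {v!r}, got {nameid.get(k)!r}"
                for k, v in expected.items() if nameid.get(k) != v]
    # Rule 2 copies c.Value unchanged, so the Format property is only a label:
    # flag a value that looks like a UPN or e-mail address sent as "transient".
    if nameid.get("Format") == TRANSIENT and "@" in nameid["Value"]:
        findings.append("Value looks like a UPN/e-mail but Format is transient")
    return findings

# Constructed sample: what the issued NameID should look like on the wire.
IDP = "https://adfs.example.test/adfs/ls/"   # placeholder for <Adfs_URL>
SP = "https://test.axxerion.us/axxerion/"
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:Subject>
  <saml:NameID Format="{TRANSIENT}" NameQualifier="{IDP}"
    SPNameQualifier="{SP}">_constructed-opaque-id-0001</saml:NameID>
</saml:Subject></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    nameid = nameid_from_response(SAMPLE_B64)
    print(nameid)
    print(check_nameid(nameid, IDP, SP) or "NameID matches the claim rule")
```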
