Dotnet Learner

Reputation: 41

Sending group name as claims in ADFS 3.0

I need to add a claim rule for an RP in ADFS 3.0 to issue, as claims, all the group names to which the user is added, if the group names are, say, A, B, C. How can I achieve this? As of now, I'm using the LDAP attribute Token-Groups - Unqualified Names, which will provide all group names which he is part of.

Upvotes: 1

Views: 2983

Answers (1)

rbrayb

Reputation: 46720

Filter the groups with regex.

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active Directory", types = ("http://claims/MyGroups"), query = ";tokenGroups;{0}", param = c.Value);

then something like:

c:[Type == "http://claims/MyGroups", Value =~ "^(?i)A"] => issue(claim = c);

and so on.

Upvotes: 1
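As an added example (not code from rbrayb's answer), the same two-step rule set applied with the ADFS PowerShell cmdlets. The filter is anchored at both ends so that only the exact group names A, B and C are issued; an unanchored `^(?i)A` would also match any group whose name merely starts with "A". The relying-party name "MyRP" and the pipeline-only claim type URI are placeholders.

```powershell
# Added example, not from the original answer.
# Step 1 adds the user's tokenGroups to a pipeline-only claim type (add() does not
# issue it). Step 2 issues only the allowed groups, here mapped to the standard role claim.
$rules = @'
@RuleName = "Load token groups into a pipeline-only claim"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://claims/MyGroups"), query = ";tokenGroups;{0}", param = c.Value);

@RuleName = "Issue only groups A, B and C as role claims"
c:[Type == "http://claims/MyGroups", Value =~ "^(?i)(A|B|C)$"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = c.Value, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
'@

# -IssuanceTransformRules replaces the RP's entire rule set, so keep the rules
# that are already configured and append the new ones to them.
$rp = Get-AdfsRelyingPartyTrust -Name "MyRP"        # "MyRP" is a placeholder
$merged = $rp.IssuanceTransformRules + "`n" + $rules
Set-AdfsRelyingPartyTrust -TargetName "MyRP" -IssuanceTransformRules $merged

# Review the result: the custom "http://claims/MyGroups" type should appear only in
# the add() rule, never in an issue() rule, so it is not sent to the RP.
(Get-AdfsRelyingPartyTrust -Name "MyRP").IssuanceTransformRules
```

To extend the allow-list, add names inside the alternation rather than loosening the anchors.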
