ADFS - Claims Rule Language (SalesForce Chatter)

  • Sunday, April 01, 2012 8:23 PM

    Hello,

    ADFS 2.0
    Windows 2008 R2 Enterprise Edition

    I have a need to append an email claim rule to end our current email suffix with ".chatter". The .chatter claim will be Idp-initiated as a value for a custom claim named "user.username" to the SP.

    i.e. LDAP email value user1@domain.com ---> user1@domain1.com.chatter

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
     => issue(store = "Active Directory", types = ("User.Email"), query = ";mail;{0}", param = c.Value + ".chatter");

    I'm not getting the expected result. I know there is something wrong with the claims rule, and it probably starts with my logic of adding a string to an already existing value. Does the rule need to be transformed? Any help is appreciated.

    Thx,

    Unique



All Replies

  • Sunday, April 01, 2012 8:57 PM

    I don't believe you can do that through the claims rule. What you could do is either create a custom provider to generate the claim, stick the value in a SQL database and pull from there, or create a new Active Directory attribute with the email address + .chatter. Your best option is probably to create the custom attribute.


    Developer Security MVP | www.syfuhs.net

  • Monday, April 02, 2012 6:44 AM
     Answered

    The QueryParam >c.Value + ".chatter"< will literally go into the LDAP query. Leave it at c.Value (being the windowsaccountname).

    But use "add" (not issue) with a temporary name. Then match (in a new rule) the temporary claim and "issue" the final claim with your c.Value + ".chatter".


    Paul Lemmers


    • Edited by paullem Monday, April 02, 2012 6:44 AM
    • Marked As Answer by uglover Monday, April 02, 2012 6:49 PM
  • Monday, April 02, 2012 7:20 PM

    Thanks Paul!!

    It worked perfectly. I ended up using UPN instead of Email, since users can have multiple SMTP addresses.

    I took your suggestion:

    1. Created a custom claim rule -- add query value of UPN to custom claim "User.UPN2"

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
     => add(store = "Active Directory", types = ("User.UPN2"), query = ";userPrincipalName;{0}", param = c.Value);

    2. Created a 2nd rule to issue the value of "User.UPN2" + ".chatter"

    c:[Type == "User.UPN2"]
     => issue(Type = "User.Username", Value = c.Value + ".chatter");

    Thanks,

    UG.


    UG.
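As an added illustration (not part of the thread), a small Python model of the ADFS claims pipeline shows why the original rule finds nothing and why the add-then-issue pair above works: the attribute store lookup key, the directory contents and the DOMAIN\user1 account are constructed sample data, and the `add`/`issue` semantics are simplified to what the thread relies on.

```python
from collections import namedtuple

WAN = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
Claim = namedtuple("Claim", "type value issuer")

# Constructed stand-in for the "Active Directory" attribute store, keyed by the
# DOMAIN\user value that {0} in a store query is bound to (sample data only).
DIRECTORY = {
    "DOMAIN\\user1": {"mail": "user1@domain.com", "userPrincipalName": "user1@domain.com"},
}

def ad_query(query, param):
    """Model of query = ";attr;{0}": resolve the account named by param and
    return the requested attribute, or None when no account matches."""
    _, attr, _ = query.split(";")
    account = DIRECTORY.get(param)
    return account.get(attr) if account else None

def run_pipeline(rules, incoming):
    """Rules are (match_type, action, out_type, fn); fn maps the matched value
    to the new one.  'add' only extends the incoming set seen by later rules;
    'issue' also emits the claim to the relying party."""
    incoming, outgoing = list(incoming), []
    for match_type, action, out_type, fn in rules:
        for c in [c for c in incoming if c.type == match_type]:
            value = fn(c.value)
            if value is None:             # store query matched no account
                continue
            new = Claim(out_type, value, "LOCAL AUTHORITY")
            incoming.append(new)
            if action == "issue":
                outgoing.append(new)
    return {c.type: c.value for c in outgoing}

# Original rule: ".chatter" becomes part of the lookup key, so nothing is found.
BROKEN = [(WAN, "issue", "User.Email", lambda v: ad_query(";mail;{0}", v + ".chatter"))]

# The accepted fix: 'add' the raw UPN under a temporary type, then 'issue'
# the transformed value under the type Chatter expects.
FIXED = [
    (WAN, "add", "User.UPN2", lambda v: ad_query(";userPrincipalName;{0}", v)),
    ("User.UPN2", "issue", "User.Username", lambda v: v + ".chatter"),
]

LOGON = [Claim(WAN, "DOMAIN\\user1", "AD AUTHORITY")]

if __name__ == "__main__":
    print(run_pipeline(BROKEN, LOGON))   # {}
    print(run_pipeline(FIXED, LOGON))    # {'User.Username': 'user1@domain.com.chatter'}
```

Swapping the first rule's `add` for `issue` also sends the temporary User.UPN2 claim to the relying party, which is why Paul's answer insists on `add` for the intermediate value.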