Set up claim rules as follows:
1. Create a claim with template "Send LDAP attributes as Claims". Select "E-Mail-Addresses" for "LDAP attribute" and "E-Mail Address" for "Outgoing Claim Type".
2. Create another claim with template "Transform an Incoming Claim". "Incoming claim type" shall be "E-Mail Address", "Outgoing claim type" shall be "Name ID", "Outgoing name ID format" shall be "Email" and option "Pass through all claim values" shall be selected.
The error I get is:
The SAML authentication request had a NameID Policy that could not be satisfied.
Requestor: xxxxxxxxxxx.xxxxxxxx.xxx
Name identifier format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
SPNameQualifier:
Exception details:
MSIS1000: The SAML request contained a NameIDPolicy that was not satisfied by the issued token. Requested NameIDPolicy: AllowCreate: False Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress SPNameQualifier: . Actual NameID properties: Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, NameQualifier: SPNameQualifier: , SPProvidedId: .
This request failed.
User Action
Use the AD FS 2.0 Management snap-in to configure the configuration that emits the required name identifier.
Based on the claim rule, I am passing the email address as the NameID, but it is passing as unspecified instead of emailaddress.
Jim Mangan Lead Systems Administrator
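The following is an added example, not part of the original post and not AD FS code: a Python sketch of the comparison the MSIS1000 message reports, checking the Format requested in an AuthnRequest's NameIDPolicy against the Format on an assertion's NameID. The XML samples, the address user@example.com and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # fine for constructed input; use defusedxml on untrusted XML

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
UNSPECIFIED = PREFIX + "unspecified"
EMAIL = PREFIX + "emailAddress"

def requested_format(authn_request_xml):
    """Format the SP demands in NameIDPolicy; no policy or no attribute means unspecified."""
    policy = ET.fromstring(authn_request_xml).find("samlp:NameIDPolicy", NS)
    return UNSPECIFIED if policy is None else policy.get("Format", UNSPECIFIED)

def issued_format(assertion_xml):
    """Format on the assertion's NameID; a NameID without Format counts as unspecified."""
    name_id = ET.fromstring(assertion_xml).find("saml:Subject/saml:NameID", NS)
    return None if name_id is None else name_id.get("Format", UNSPECIFIED)

def policy_satisfied(authn_request_xml, assertion_xml):
    """Return (ok, requested, issued). A request for 'unspecified' accepts any format."""
    want = requested_format(authn_request_xml)
    got = issued_format(assertion_xml)
    return (want == UNSPECIFIED or want == got), want, got

# Constructed AuthnRequest carrying the policy shown in the error text above.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0">'
    '<samlp:NameIDPolicy AllowCreate="false" Format="%s"/>'
    '</samlp:AuthnRequest>' % EMAIL)

def assertion(name_id_attrs):
    """Build a constructed, unsigned assertion whose NameID has the given attributes."""
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml:Subject><saml:NameID%s>user@example.com</saml:NameID></saml:Subject>'
            '</saml:Assertion>' % name_id_attrs)

NO_FORMAT = assertion("")                          # NameID with no Format attribute
EMAIL_FORMAT = assertion(' Format="%s"' % EMAIL)   # NameID tagged as emailAddress

if __name__ == "__main__":
    for label, doc in (("NameID without Format", NO_FORMAT),
                       ("NameID with email Format", EMAIL_FORMAT)):
        ok, want, got = policy_satisfied(AUTHN_REQUEST, doc)
        print(label, "->", "satisfied" if ok else "NOT satisfied",
              "| requested:", want, "| issued:", got)
```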