Latest revision as of 23:47, 21 August 2020

Filter the groups retrieved from AD

http://social.technet.microsoft.com/wiki/contents/articles/8008.ad-fs-2-0-selectively-send-group-membership-s-as-a-claim.aspx?Sort=MostRecent&PageIndex=1

Claim rule 1

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORTIY"]
=> add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";memberOf;{0}", param = c.Value);

c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "(?i)ug-sec"]
=> issue(claim = c);

Claim rule 2

c1:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 && c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query = "(&(distinguishedName={0})(info=Role));name;{1}", param = c1.Value, param = c2.Value);

origineel

 c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", "http://schemas.xmlsoap.org/claims/Company", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/claims/Group"), query = ";userPrincipalName,sAMAccountName,company,mail,displayName,tokenGroups;{0}", param = c.Value);

No idea

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORTIY"]
=> add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";memberOf;{0}", param = c.Value);
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "(?i)adfs"
=> issue(claim = c);

Must known url's

@@ Line 3: / Line 3: @@
 # Claim rule 1
-<syntaxhighlight lang="text">
+<syntaxhighlight language="text">
 c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORTIY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";memberOf;{0}", param = c.Value);
@@ Line 13: / Line 13: @@
 # Claim rule 2
-<syntaxhighlight lang="text">
+<syntaxhighlight language="text">
 c1:[Type == "http://schemas.xmlsoap.org/claims/Group"]
   && c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
@@ Line 22: / Line 22: @@
 # origineel
-<syntaxhighlight lang="text">
+<syntaxhighlight language="text">
   c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
   => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", "http://schemas.xmlsoap.org/claims/Company", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/claims/Group"), query = ";userPrincipalName,sAMAccountName,company,mail,displayName,tokenGroups;{0}", param = c.Value);
@@ Line 30: / Line 30: @@
 # No idea
-<syntaxhighlight lang="text">
+<syntaxhighlight language="text">
 c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORTIY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";memberOf;{0}", param = c.Value);

ADFS: Difference between revisions

Latest revision as of 23:47, 21 August 2020

Filter the groups retrieved from AD

Must known url's

Navigation menu

ADFS: Difference between revisions

Latest revision as of 23:47, 21 August 2020

Filter the groups retrieved from AD

Must known url's

Navigation menu

Search