Custom attribute custom claims help

  • Question

  • Hello!

    I have a vendor with a requirement to send some custom attributes. They have the attributes listed and requested in their metadata. Here is one example:

    <md:RequestedAttribute isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="SecurityLevel" FriendlyName="Security level requested for individual user accessing this service"/>

    I need to use an AD security group to restrict this access. Ideally it would look something like this:

    If "user1" is a member of AD group "SecurityLevel1" then send this claim: SecurityLevel=1

    Thank you for any help you can provide!


    • Edited by BrianTTP Monday, May 21, 2018 2:42 PM
    Monday, May 21, 2018 2:36 PM

All replies

  • You need to use "memberOf".

    e.g. https://social.technet.microsoft.com/wiki/contents/articles/8008.ad-fs-2-0-selectively-send-group-membership-s-as-a-claim.aspx

    Monday, May 21, 2018 8:03 PM
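The reply above points at matching on group membership; the following is an added example of how that mapping is expressed as AD FS issuance transform rules, pushed onto the relying party trust with the ADFS PowerShell module. It is not code from the thread or from the linked article. The relying party name "VendorApp", the group names SecurityLevel1 and SecurityLevel2, and the level values are assumptions. Instead of querying memberOf or tokenGroups in the attribute store, it matches on the groupsid claims that the Active Directory claims provider issues at sign-in (the same mechanism as the built-in "Send Group Membership as a Claim" template), so a later rename of the group cannot silently change who receives the claim.

```powershell
# Added example (not from the original thread): issue the vendor's "SecurityLevel"
# attribute based on AD group membership, as issuance transform rules on an AD FS
# relying party trust.
# Assumptions (not in the thread): the trust is named "VendorApp", the groups are
# SecurityLevel1 and SecurityLevel2 in the local AD domain, and this runs on an
# AD FS server with the ADFS and ActiveDirectory PowerShell modules installed.
Import-Module ADFS
Import-Module ActiveDirectory

$rpName = "VendorApp"

# Group name -> value of the SecurityLevel claim to issue for its members.
$levels = @{
    "SecurityLevel1" = "1"
    "SecurityLevel2" = "2"
}

$rules = @()
foreach ($group in $levels.Keys) {
    # Resolve the SID once, at configuration time. The rule matches on the SID,
    # so renaming the group later does not change who gets the claim, and a
    # group with a similar name (e.g. "SecurityLevel10") can never match.
    $sid   = (Get-ADGroup -Identity $group).SID.Value
    $value = $levels[$group]

    # Claim rule language: if the authenticated user carries a groupsid claim for
    # this group, issued by AD itself, emit SecurityLevel=<value>.
$rules += @"
@RuleName = "Send SecurityLevel=$value for members of $group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$sid", Issuer == "AD AUTHORITY"]
 => issue(Type = "SecurityLevel", Value = "$value", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
"@
}

# Append to the rules the trust already has rather than overwriting them.
$existing = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
$newRules = ($rules -join "`n")
if ($existing) { $newRules = $existing + "`n" + $newRules }
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $newRules

# Show the resulting rule set for review.
Get-AdfsRelyingPartyTrust -Name $rpName | Select-Object -ExpandProperty IssuanceTransformRules
```

Two things to check after applying this. A user who is a member of both groups gets both claims, one per matching rule; if the vendor expects a single SecurityLevel value, either keep the groups mutually exclusive or add a rule that picks one. And the vendor's metadata asks for the attribute with NameFormat uri, so capture a SAML response (for example with a browser SAML tracer) and confirm the attribute arrives with the Name and NameFormat the vendor actually accepts before relying on it for access control.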