ADFS Claim to convert user id to uppercase

  • Question

  • Hello All,

    We are trying to set up SSO with a company using our AD, and one of the requirements for them is to send the Sam Account Name or User ID in uppercase only. Does anyone know how to create a custom rule to convert the user ID to uppercase when sending the claim?

    This is what I have now in claims. I also want to send this user_id claim in uppercase.

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
     => issue(store = "Active Directory", types = ("user_id"), query = ";sAMAccountName;{0}", param = c.Value);
    Wednesday, January 25, 2017 7:00 PM

All replies

  • There is no claim rule to do this.

    You need a custom attribute store.



    Wednesday, January 25, 2017 10:23 PM
  • Hi!

    It is very much possible — you just need 28 custom issuance transform rules for it:

    Rule #1. 

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
     => add(store = "Active Directory", types = ("temp_user_id"), query = ";sAMAccountName;{0}", param = c.Value);

    Mind that we use "add" not "issue" here.

    Rules #2-27. 

    c:[Type == "temp_user_id"]
     => add(Type = "temp_user_id", Value = RegExReplace(c.Value, "a", "A"));

    You need to create one rule for each of the alphabet letters.

    Rule #28.

    c:[Type == "temp_user_id", Value =~ "^[^a-z]+$"]
     => issue(Type = "user_id", Value = c.Value);


    https://exchange12rocks.org/ | http://about.me/exchange12rocks


    Wednesday, January 25, 2017 10:37 PM
  • Ahah that's a witty workaround, I like it :)

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, January 26, 2017 12:47 AM
  • There is always brute force... I did this for email addresses for uppercase.

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
     => add(store = "Active Directory", types = ("temp_email"), query = ";mail;{0}", param = c.Value);

    c:[Type == "temp_email"]
     => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(c.Value, "a", "A"), "b", "B"), "c", "C"), "d", "D"), "e", "E"), "f", "F"), "g", "G"), "h", "H"), "i", "I"), "j", "J"), "k", "K"), "l", "L"), "m", "M"), "n", "N"), "o", "O"), "p", "P"), "q", "Q"), "r", "R"), "s", "S"), "t", "T"), "u", "U"), "v", "V"), "w", "W"), "x", "X"), "y", "Y"), "z", "Z"));


    Friday, March 22, 2019 6:28 PM
  • For anyone copying that claim, the n regex is set as "m", "N" and not "n", "N".

    Value = RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(c.Value, "a", "A"), "b", "B"), "c", "C"), "d", "D"), "e", "E"), "f", "F"), "g", "G"), "h", "H"), "i", "I"), "j", "J"), "k", "K"), "l", "L"), "m", "M"), "n", "N"), "o", "O"), "p", "P"), "q", "Q"), "r", "R"), "s", "S"), "t", "T"), "u", "U"), "v", "V"), "w", "W"), "x", "X"), "y", "Y"), "z", "Z"));

    Tuesday, June 25, 2019 4:40 PM
  • Good catch! I will edit the post. Thanks!


    Tuesday, June 25, 2019 9:16 PM
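
The nested RegExReplace rule from the March 2019 reply is easy to mistype, as the "m", "N" slip noted in the June 2019 reply shows. The following is an added example, not code from any poster in this thread: it generates the issue rule, lints a pasted rule for wrong or missing letter pairs, and simulates the replacements on a value. The function names and the sample address are assumptions made for illustration.

```python
import re
import string

EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def build_upper_expr(source="c.Value"):
    """Nest one RegExReplace call per ASCII letter around `source`."""
    expr = source
    for lo in string.ascii_lowercase:
        expr = f'RegExReplace({expr}, "{lo}", "{lo.upper()}")'
    return expr

def build_issue_rule(temp_type, out_type):
    """Second rule of the pair: read the temp claim, issue it uppercased."""
    return (f'c:[Type == "{temp_type}"]\n'
            f' => issue(Type = "{out_type}", Value = {build_upper_expr()});')

# Matches the trailing `, "x", "X")` of each RegExReplace call. Textual order
# equals evaluation order because the innermost call is written first.
PAIR = re.compile(r',\s*"([^"]*)",\s*"([^"]*)"\)')

def lint_rule(rule_text):
    """Return problems in a pasted rule: wrong pairs and uncovered letters."""
    pairs = PAIR.findall(rule_text)
    problems = [f'"{a}" -> "{b}"' for a, b in pairs
                if not (len(a) == 1 and a in string.ascii_lowercase
                        and b == a.upper())]
    missing = sorted(set(string.ascii_lowercase) - {a for a, _ in pairs})
    return problems + [f'no replacement for "{ch}"' for ch in missing]

def simulate(rule_text, value):
    """Apply each pair in order as a plain regex substitution."""
    for pattern, repl in PAIR.findall(rule_text):
        value = re.sub(pattern, repl, value)
    return value

GOOD_RULE = build_issue_rule("temp_email", EMAIL)
# Constructed input: the same rule with the n pair mistyped as ("m", "N").
TYPO_RULE = GOOD_RULE.replace('"n", "N"', '"m", "N"')
SAMPLE = "jane.doe@contoso.example"  # constructed sample value

if __name__ == "__main__":
    print(GOOD_RULE)
    print(lint_rule(TYPO_RULE))
    print(simulate(TYPO_RULE, SAMPLE))
    # Only ASCII a-z is covered: accented letters pass through unchanged.
    print(simulate(GOOD_RULE, "zoë"))
```

With the typo, every "n" stays lowercase in the issued value, so a relying party that compares the claim case-sensitively will not match the user. Accented letters are left lowercase even by the correct rule.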