Need help mapping an Active Directory attribute to an ADFS claim

  • Question

  • So we're trying to pass the Active Directory attribute 'employeeNumber' through ADFS to our claims-aware app. We've done this with other attributes: name, email address, group membership.

    Now I've found this thread:
    https://social.msdn.microsoft.com/Forums/vstudio/en-US/cc7c5271-a23d-4afb-a083-79fb07841cd9/some-help-with-using-employee-id-as-a-claim?forum=Geneva

    But unfortunately the thread doesn't contain enough information for an ADFS noob like myself. 

    We've got a Server Fault question up, but nobody has responded in 3 days, so I'm not optimistic there:
    http://serverfault.com/questions/829094/how-to-properly-map-active-directory-attributes-to-outgoing-claims

    I'm unable to post screenshots here, so please visit the Server Fault link for a more in-depth description of the problem.

    Feel free to move this thread to the forum here:
    https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva

    I was unable to select that forum when writing this post.

    Monday, January 30, 2017 8:33 PM

Answers

All replies

  • Hi,

    Welcome to MSDN forum.

    Our forum is to talk about the setup of .NET Framework and now we couldn't move the thread to .NET Framework > Claims based access platform (CBA), code-named Geneva, so I will move your thread to Using Forums > Where is the Forum For…? You will also get professional support there; thank you for understanding.

    Best regards,

    Joyce


    Tuesday, January 31, 2017 3:37 AM
  • If you would like to send employeeNumber, just do this:

    Change "WhateverYouLike" to the format you want employeeNumber to be sent as.

    Custom claim looks like this:
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
     => issue(store = "Active Directory", types = ("WhateverYouLike"), query = ";employeeNumber;{0}", param = c.Value);

    Tuesday, January 31, 2017 3:51 PM
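
Added example, not part of the original thread: one way to apply the rule from the reply above to a relying party trust from PowerShell instead of the rule editor, appending it to the existing issuance transform rules and keeping a backup. The trust name `MyClaimsApp`, the claim type URI and the rule name are hypothetical placeholders; it assumes an elevated session on the AD FS server with the ADFS module available.

```powershell
# Added example. Placeholders below are assumptions, not values from the thread.
Import-Module ADFS

$rpName    = 'MyClaimsApp'                                        # hypothetical relying party trust name
$claimType = 'http://schemas.example.com/claims/employeenumber'   # hypothetical outgoing claim type
$ruleName  = 'Send employeeNumber'                                # hypothetical rule name

# The rule from the reply, with "WhateverYouLike" replaced by $claimType.
$newRule = @"
@RuleName = "$ruleName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$claimType"), query = ";employeeNumber;{0}", param = c.Value);
"@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# A trust with no rules yet returns null; the cast turns that into an empty string.
[string]$existing = $rp.IssuanceTransformRules

# Save the current rule set so the change can be rolled back.
$backup = Join-Path $env:TEMP ("{0}-rules-{1:yyyyMMddHHmmss}.txt" -f $rpName, (Get-Date))
Set-Content -Path $backup -Value $existing
Write-Output "Existing rules saved to $backup"

# Do nothing if some rule already queries employeeNumber from the attribute store.
if ($existing -match [regex]::Escape(';employeeNumber;')) {
    Write-Output "A rule querying employeeNumber already exists on '$rpName'; nothing changed."
    return
}

# -IssuanceTransformRules replaces the whole rule set, so append rather than overwrite.
$combined = if ($existing.Trim()) { $existing.TrimEnd() + "`r`n`r`n" + $newRule } else { $newRule }
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combined

# Read the rules back to confirm what the trust now issues.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

Because the rule releases a directory attribute to the application, add it only to the trust that needs it and check the issued token for the new claim type after the change.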
  • As @Jorrk says, that "dropdown" is actually editable!

    Tuesday, January 31, 2017 6:14 PM