Custom attribute in SAML token

  • Question

  • Hi.

    As the IdP, I am setting up a relying party trust for an application the SP uses. The problem is that the SP requires a specific "customer ID" to be prefixed to the username of the user accessing the web application.

    E.g. User name in on-prem AD is john, but the application requires 001john as username.

    The error message I get now is: "SAML 2.0 authentication failed. The customer ID in the username john@mycustomer.domain does not match the ones configured for the partner"

    How do I configure ADFS to include this custom ID in the SAML token?

    The SP uses IBM FIM as its federation solution, and its NameID policy only requires e-mail.

    Help much appreciated.

    Thanks

    Tuesday, December 19, 2017 1:49 PM

All replies

  • You can append a string, e.g.

    c:[Type == "http://someclaim"]
    => issue(Type = "http://anotherclaim", Value = "001" + c.Value);

    but there is not enough detail.

    Do you always add "001" or does it vary?

    Which claim do you want to alter?

    Tuesday, December 19, 2017 6:39 PM