ADFS Claim to convert all to lowercase

  • Question

  • Greetings all

    ADFS noob here.

    I have had a look through this article and I have pretty much the same request, just all lowercase.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/109a226d-b9c5-47b4-98ab-2d9e6446b1e4/adfs-claim-to-convert-user-id-to-uppercase?forum=ADFS


    I have reversed the user '32136554' suggestion to make all lowercase; however, I am struggling with the logic of how/where to put the rule and the ordering within the issuance transform rules tab.

    I am assuming I can't just copy the code below and put it into one rule, and ADFS gives an error that only one rule may be added for each custom rule. So I have made 2 rules, the 1st one starting with "c:[Type" and ending with "c.Value);" and the 2nd rule starting with "c:[Type == "temp_email"]"

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
     => add(store = "Active Directory", types = ("temp_email"), query = ";mail;{0}", param = c.Value);
    c:[Type == "temp_email"]
     => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(c.Value, "A", "a"), "B", "b"), "C", "c"), "D", "d"), "E", "e"), "F", "f"), "G", "g"), "H", "h"), "I", "i"), "J", "j"), "K", "k"), "L", "l"), "M", "m"), "N", "n"), "O", "o"), "P", "p"), "Q", "q"), "R", "r"), "S", "s"), "T", "t"), "U", "u"), "V", "v"), "W", "w"), "X", "x"), "Y", "y"), "Z", "z"));

    So what I am trying to ask is: we already have claims set up for this RP, below is the rule language... how do I do the ordering of it so the lowercase rule applies along with the claims sent below?

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
     => issue(store = "Active Directory", types = ("oa_unique", "oa_mail", "oa_lastname", "oa_firstname", "oa_displayname", "oa_memberOf", "oa_UPN", "oa_samaccount"), query = ";ObjectGUID,mail,sn,givenName,displayName,memberOf,userPrincipalName,sAMAccountName;{0}", param = c.Value);

    Your help is very much appreciated,

    Monday, August 5, 2019 10:39 AM

All replies

  • Hello,

    Check the following link. It'll help you.

    https://social.technet.microsoft.com/Forums/en-US/da5f55ba-a02e-42aa-9987-d99083fb37c5/convert-claims-rule-to-lowercase?forum=ADFS

    Not via claims rules.

    You need a custom attribute store:

    String Processing Attribute Store Example


    Hamid Sadeghpour Saleh Microsoft MCT Regional Lead

    hamidsadeghpour.net

    Mark it as answer if your question has been solved in order to keep forums updated.

    Monday, August 5, 2019 10:44 AM
  • Well, you can make it work with the regexp. But that's a bit tricky. What are the claims you need to send at the end?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, August 6, 2019 5:38 PM
  • Hi thanks for your reply,

    Yeah, I'm looking into that. The first option was to try the method above, as suggested by some people that it is possible without creating a custom attribute store. I have never done it before but hopefully it will work out.

    Cheers

    Wednesday, August 7, 2019 12:33 PM
  • So it works? What about the question "What are the claims you need to send at the end?" We can help you craft all the rules.

    Wednesday, August 7, 2019 3:12 PM
  • Hi Pierre

    Yeah, a bit tricky lol. I just need to convert all to lowercase for the sAMAccountName that is sent to a RP.... If that's what you are asking?

    Cheers


    • Edited by weslecius Thursday, August 8, 2019 8:30 AM
    Thursday, August 8, 2019 8:25 AM
  • Have you solved this yet, or do you still need sAMAccountName in lowercase?

    Friday, August 16, 2019 11:49 AM
  • Hello All, Just wondering if there was any further information regarding this inquiry. I myself am in a similar situation where the SP requires the outgoing claim to be in lowercase. Our AD environment comprises upper/lowercase SAMAccountName values. SP requires lowercase for the SAN outgoing claim. Any guidance would be much appreciated. Thanks, Alex
    Saturday, December 7, 2019 6:25 PM
  • Just to add... Current claim rule is to send SamAccountName as Name ID. As much as possible we prefer to not have to add a custom attribute store but willing to go the regex route. Thanks again, Alex
    Saturday, December 7, 2019 6:43 PM
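
An added example, not part of any post in this thread: a small Python generator for the two-rule regex approach discussed above, so the 26 nested RegExReplace calls are built rather than hand-typed, plus a simulation of the same replacements on constructed sample values. The intermediate claim type `temp_sam` is a hypothetical name, and the Name ID output type is assumed from the last poster's description; the simulation assumes RegExReplace matches case-sensitively, as the thread's approach relies on.

```python
import re
import string

WINDOWS_ACCOUNT = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
NAME_ID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
TEMP_TYPE = "temp_sam"  # hypothetical intermediate claim type, only added, never issued


def lowercase_expr(value_expr="c.Value"):
    """Wrap value_expr in one RegExReplace call per ASCII letter, A innermost."""
    expr = value_expr
    for upper in string.ascii_uppercase:
        expr = f'RegExReplace({expr}, "{upper}", "{upper.lower()}")'
    return expr


def build_rules(out_type=NAME_ID, attribute="sAMAccountName"):
    """Return the two custom rules in the order they must appear in the list."""
    rule1 = (  # add() puts the raw AD value in the working set without issuing it
        f'c:[Type == "{WINDOWS_ACCOUNT}", Issuer == "AD AUTHORITY"]\n'
        f' => add(store = "Active Directory", types = ("{TEMP_TYPE}"), '
        f'query = ";{attribute};{{0}}", param = c.Value);'
    )
    rule2 = (  # issue() sends only the lowercased copy to the relying party
        f'c:[Type == "{TEMP_TYPE}"]\n'
        f' => issue(Type = "{out_type}", Value = {lowercase_expr()});'
    )
    return [rule1, rule2]


def simulate(value):
    """Apply the same 26 case-sensitive replacements to a sample value."""
    for upper in string.ascii_uppercase:
        value = re.sub(upper, upper.lower(), value)
    return value


if __name__ == "__main__":
    for number, rule in enumerate(build_rules(), start=1):
        print(f"--- custom rule {number} ---\n{rule}\n")
    # Constructed sample values; the last one starts with a non-ASCII capital.
    for sample in ("JSmith", "ALEX.ADMIN01", "ÄNNA"):
        print(sample, "->", simulate(sample))
```

Each generated rule goes into its own custom rule, with the `add` rule above the `issue` rule; an existing rule that issues other attributes can sit anywhere in the list because it does not consume the temporary claim. The A to Z chain only covers ASCII letters, so a value such as the constructed "ÄNNA" comes out as "Änna".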