We have two domains. They are federated using an ADFS setup. One domain, where our service providers are, contains user accounts from our partners. The other domain contains corporate users. This also has an ADFS setup, which is federated with the partner's ADFS.
The partner's ADFS domain, where the service providers are, trusts the corporate domain's ADFS via a claims provider trust (established on the partner domain's ADFS, trusting the corporate domain's ADFS) and a relying party trust (established on the corporate ADFS, trusting the partner's domain).
Authentication is working as expected. That is, for SP-initiated authentication, users from both domains are able to successfully log in to service providers deployed in the partner's domain.
For users in the partner's domain, we are also able to retrieve additional attributes associated with the user accounts (such as given names, group memberships, etc.).
However, this is not true for users in the corporate domain. When those users attempt to access the service provider in the partner's domain, they are able to log in, but no attributes associated with the user come through. I suspect the issue is with the claim rules defined. We tried several different combinations of rules. However, we are not able to make any progress.
Any suggestions please? Thank you.
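One way to lay out the three rule sets a claim has to cross in this chain (corporate ADFS to partner ADFS to service provider), as an added example that is not part of the original post or of any answer to it. It uses the ADFS PowerShell cmdlets; the trust display names, and the choice of given name and group membership as the forwarded claims, are assumptions.

```powershell
# Added example, not from the original post. Trust names are placeholders for your environment.
# A claim only crosses a federation hop if a rule at that hop issues it:
#   corporate ADFS (RP trust for partner) -> partner ADFS (CP trust for corporate) -> partner ADFS (RP trust for SP)
$givenName = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'
$group     = 'http://schemas.xmlsoap.org/claims/Group'
$winAcct   = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname'

# Hop 1 (corporate ADFS): look the attributes up in corporate AD and issue them to the partner ADFS.
$corpRules = @"
@RuleName = "Given name from corporate AD"
c:[Type == "$winAcct", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$givenName"), query = ";givenName;{0}", param = c.Value);
@RuleName = "Group memberships from corporate AD"
c:[Type == "$winAcct", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$group"), query = ";tokenGroups;{0}", param = c.Value);
"@
# Hop 2 (partner ADFS, claims provider trust): incoming claims with no acceptance rule are dropped here,
# the usual reason a federated user can log in but reaches the SP with no attributes.
$acceptRules = @"
@RuleName = "Accept given name from corporate ADFS"
c:[Type == "$givenName"] => issue(claim = c);
@RuleName = "Accept groups from corporate ADFS"
c:[Type == "$group"] => issue(claim = c);
"@
# Hop 3 (partner ADFS, relying party trust for the SP): forward the claim types regardless of which
# claims provider issued them, so partner-domain and corporate users are handled alike.
$passRules = @"
@RuleName = "Pass through given name"
c:[Type == "$givenName"] => issue(claim = c);
@RuleName = "Pass through groups"
c:[Type == "$group"] => issue(claim = c);
"@
# Append rather than replace, so the rules that already make login work stay in place.
function Add-RpRules([string]$Trust, [string]$Rules) {
    $cur = (Get-AdfsRelyingPartyTrust -Name $Trust).IssuanceTransformRules
    Set-AdfsRelyingPartyTrust -TargetName $Trust -IssuanceTransformRules ($cur + "`n" + $Rules)
}
function Add-CpRules([string]$Trust, [string]$Rules) {
    $cur = (Get-AdfsClaimsProviderTrust -Name $Trust).AcceptanceTransformRules
    Set-AdfsClaimsProviderTrust -TargetName $Trust -AcceptanceTransformRules ($cur + "`n" + $Rules)
}

Add-RpRules -Trust 'Partner ADFS'     -Rules $corpRules    # run on the corporate ADFS
Add-CpRules -Trust 'Corporate ADFS'   -Rules $acceptRules  # run on the partner ADFS
Add-RpRules -Trust 'Service Provider' -Rules $passRules    # run on the partner ADFS

# Verify the rule sets each trust now carries.
(Get-AdfsClaimsProviderTrust -Name 'Corporate ADFS').AcceptanceTransformRules
(Get-AdfsRelyingPartyTrust  -Name 'Service Provider').IssuanceTransformRules
```

If attributes still do not arrive, check the token issued at each hop (for example with a SAML tracer in the browser) to find the hop where the claims disappear.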