Claim Rules - Federated ADFS

  • Question

  • We have two domains. They are federated using an ADFS setup. One domain, where our service providers are, contains user accounts from our partners. The other domain contains corporate users. This also has an ADFS setup, which is federated with the partner's ADFS. The partner's ADFS domain, where the service providers are, trusts the corporate domain's ADFS via a claim provider trust (established on the partner's domain ADFS, trusting the corporate domain's ADFS) and a relying party trust established (i.e. from the corporate ADFS trusting the partner's domain).

    Authentication is working as expected. That is, for SP-initiated authentication, users from both domains are able to successfully log in to service providers deployed in the partner's domain.

    For users in the partner's domain, we are also able to retrieve additional attributes associated with the user accounts (such as given names, group memberships, etc.).

    However, this is not true for users in the corporate domain. When those users attempt to access the service provider in the partner's domain, they are only able to log in, and no attributes associated with the user are brought along. I suspect the issue is with the claim rules defined. We tried several different combinations of rules. However, we are not able to make any progress.

    Any suggestions please? Thank you.




    Friday, July 28, 2017 7:03 PM

Answers

  • You have corporate ADFS --> Partner ADFS --> application.

    For corporate users, you need LDAP rules, then pass-through rules on the RP side of the partner ADFS federation.

    On the partner side, you need pass-through rules on the CP side of the partner ADFS federation.

    Plus pass-through rules on the RP side for the application.

    Sunday, July 30, 2017 6:54 PM
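
The rule chain described in the answer above, as an added example that is not part of the original thread. The trust names ("Partner ADFS", "Corporate ADFS", "Partner Application") are hypothetical, and the two claim types are chosen to match the given name and group attributes mentioned in the question.

```powershell
# Added example. Trust names are hypothetical; substitute your own.
# Set-Adfs*Trust replaces the whole rule set on the trust, so merge these
# rules with the ones already configured (e.g. the Name ID rule).

# --- Run on the CORPORATE AD FS server ---
# Relying party trust for the partner AD FS: look the attributes up in
# Active Directory and issue them as claims.
$corpRpRules = @'
@RuleName = "LDAP: given name and groups"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/claims/Group"),
          query = ";givenName,tokenGroups;{0}", param = c.Value);
'@
Set-AdfsRelyingPartyTrust -TargetName "Partner ADFS" -IssuanceTransformRules $corpRpRules

# --- Run on the PARTNER AD FS server ---
# Pass through only the claim types the application needs, one rule per
# type, rather than a blanket "pass all claims" rule, so the corporate
# side cannot inject claim types the application was never meant to see.
$passThrough = @'
@RuleName = "Pass through given name"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"]
 => issue(claim = c);

@RuleName = "Pass through groups"
c:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 => issue(claim = c);
'@

# Claims provider trust for the corporate AD FS (acceptance rules).
Set-AdfsClaimsProviderTrust -TargetName "Corporate ADFS" -AcceptanceTransformRules $passThrough

# Relying party trust for the application (issuance rules).
Set-AdfsRelyingPartyTrust -TargetName "Partner Application" -IssuanceTransformRules $passThrough

# Verify what is now configured on each hop.
(Get-AdfsClaimsProviderTrust -Name "Corporate ADFS").AcceptanceTransformRules
(Get-AdfsRelyingPartyTrust -Name "Partner Application").IssuanceTransformRules
```

If an attribute is still missing at the application, checking the rules hop by hop in this order shows where the claim is dropped.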

All replies

  • Thank you so much. It worked!
    Tuesday, August 1, 2017 6:08 PM