ADFS 4.0 (Server 2016), SampApp - Show Distinguished Name

  • Question

  • I set up my ADFS lab by following these tutorials:

    Set up the lab environment for AD FS in Windows Server 2012 R2 and

    Install and Configure a Simple .Net 4.5 Sample Federated Application (Thanks to Mark)

    It works perfectly, as I can see the claims being passed through in this sample application (SampApp). Now I would like to know if it is possible to get the "distinguishedName" attribute from AD shown on this application's website like all the other claims. I managed to get the email address passed through by adding the following rule:

    Claims Provider Trusts-> AD -> Edit Claim Rules -> Add Rule... -> Send LDAP Attributes to Claims ->

    Rule Name: Email

    Attribute Store: Active Directory

    Mapping: "E-Mail-Addresses" (LDAP Attribute), "E-Mail Address" (Outgoing Claim Type)

    How do I add such a rule for the "distinguishedName" AD attribute?

    I found this solution proposal, but it refers to AD 2.0.

    Edit:

    This is also not working. I cannot see the distinguishedname on my webapp:


    • Edited by 1.FreddyD Thursday, September 14, 2017 5:03 AM
    Thursday, September 7, 2017 9:44 AM

All replies

  • The drop-down is editable so you can enter any attribute you want.

    Refer: ADFS : Selecting claim that's not in the default drop down.

    • Marked as answer by 1.FreddyD Friday, September 8, 2017 12:17 PM
    Thursday, September 7, 2017 7:06 PM
  • Thanks for your answer. I already read this/your blog, but what do I have to type in?

    I found this tutorial, but typing in "distinguishedName" in LDAP section and "Distinguished Name" in Outgoing Claim (in "Claim Provider Trust -> AD -> Edit Claim Rules->..."), doesn't work. I can't see the distinguishedName in my webapp.


    • Edited by 1.FreddyD Friday, September 8, 2017 12:18 PM
    Friday, September 8, 2017 5:05 AM
  • Try something like:

    http://company.com/distinguishedName

    as the outgoing claim.

    • Marked as answer by 1.FreddyD Monday, September 11, 2017 5:05 AM
    Sunday, September 10, 2017 6:59 PM
  • Thanks for your reply!

    I tried it like this: ...

    ...but no distinguishedname will be shown in the webapp.

    Is it wrong or did I forget something? Do I have to add a Claim Description?

    Monday, September 11, 2017 5:11 AM
  • I answered this a while back on SO and confirmed that it worked.

    https://stackoverflow.com/questions/11968455/send-distinguished-name-adfs-2-0

    Note the attribute is "distinguishedName" - capital "N".

    • Marked as answer by 1.FreddyD Monday, September 11, 2017 9:36 AM
    Monday, September 11, 2017 8:52 AM
  • Thank you very much!

    It's working now!!!

    So, this is the Claim Rule:


    • Edited by 1.FreddyD Monday, September 11, 2017 12:59 PM
    Monday, September 11, 2017 9:35 AM
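
The rule discussed in this thread, written out in claim rule language and applied with the AD FS PowerShell cmdlets, as an added example that is not part of any post above. The relying party display name `SampApp` and the rule name are assumptions; the claim type is the one suggested in the replies.

```powershell
# Added example; run in an elevated session on the primary AD FS server.
Import-Module ADFS

$claimType = 'http://company.com/distinguishedName'  # outgoing claim type suggested in the thread
$cpName    = 'Active Directory'                       # built-in claims provider trust
$rpName    = 'SampApp'                                # assumption: display name of the relying party trust

# Equivalent of a "Send LDAP Attributes as Claims" rule in claim rule language.
# The LDAP attribute is spelled as in the replies: distinguishedName.
$rule = @"
@RuleName = "Distinguished Name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$claimType"), query = ";distinguishedName;{0}", param = c.Value);
"@

# Append the rule only if no acceptance rule already mentions this claim type.
$cp = Get-AdfsClaimsProviderTrust -Name $cpName
if ($cp.AcceptanceTransformRules -notmatch [regex]::Escape($claimType)) {
    Set-AdfsClaimsProviderTrust -TargetName $cpName `
        -AcceptanceTransformRules ($cp.AcceptanceTransformRules + "`r`n" + $rule)
}

# The claim reaches the application only if the relying party's issuance rules
# forward it: either a pass-everything rule or a rule that names the claim type.
$rp        = Get-AdfsRelyingPartyTrust -Name $rpName
$passAll   = $rp.IssuanceTransformRules -match 'c:\[\]\s*=>\s*issue\(claim\s*=\s*c\)'
$passNamed = $rp.IssuanceTransformRules -match [regex]::Escape($claimType)
if (-not ($passAll -or $passNamed)) {
    Write-Warning "Relying party '$rpName' has no issuance rule that forwards $claimType"
}
```

A distinguished name discloses the directory's OU layout, so outside a lab a relying party rule that names this claim type is preferable to a pass-everything rule.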