ADFS claims rule

  • Question

  • I need to set up claims rules for a relying party trust. This is what I need to send:

    • mail: Email address (ASCII characters only)
    • givenName: First name
    • sn: Last name
    • telephoneNumber: Business phone number. If it is not available, populate with school’s main campus phone number
    • schoolNumber: XXXX (this is a number)
    • schoolName: The name of my school
    • userType: Single or List attributes that identify the user type, e.g. faculty, staff, etc. The attribute can also be a commonly used attribute; for example, eduPersonScopedAffiliation or edupersonprimaryaffiliation.

    The attributes I am struggling with are telephoneNumber and schoolNumber.

    How do I set up a rule that just sends our main phone number for everyone, as it's not stored in an AD attribute? (I do not want to send people's real phone numbers.)

    schoolNumber is not an attribute in AD. Is there a way to make a claim rule to send the assigned number for everyone, or does it have to be added as an actual attribute?

    Monday, September 16, 2019 5:36 PM

All replies

  • You can use static attributes e.g.

     => issue(Type = "schoolNumber", Value = "ABC");

    schoolNumber does not have to be in AD.

    Monday, September 16, 2019 7:03 PM
  • If the exact same phone number should be sent for everyone regardless, you can just hard code the value in a custom claim rule. Something like:

    c:[] => issue(Type = "correctclaimnamegoeshere", Value = "(555) 555-1212");

    Monday, September 16, 2019 7:04 PM
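
The static-value rules from the two replies above, combined into one rule set and applied with the AD FS PowerShell cmdlets, as an added example that is not part of the original thread. It goes beyond the replies by also reading mail, givenName and sn from Active Directory. The trust name, the backup file path, the short claim type names and the phone and school number values are placeholders or assumptions.

```powershell
# Added example. Placeholder: display name of the existing relying party trust.
$rpName = 'Example Relying Party'

# Single-quoted here-string so the quotes and {0} reach AD FS unmodified.
$rules = @'
@RuleName = "AD attributes: mail, givenName, sn"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("mail", "givenName", "sn"),
          query = ";mail,givenName,sn;{0}", param = c.Value);

@RuleName = "Static telephoneNumber (main campus line for every user)"
 => issue(Type = "telephoneNumber", Value = "(555) 555-1212");

@RuleName = "Static schoolNumber (not stored in AD)"
 => issue(Type = "schoolNumber", Value = "XXXX");
'@

# -IssuanceTransformRules replaces the whole rule set, so save the current one first.
$before = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
$before | Set-Content -Path '.\rp-rules-backup.txt'   # assumed backup location

Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Read the rules back and confirm telephoneNumber is never requested from
# Active Directory, which would release users' real numbers to the relying party.
$after = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
if ($after -match 'query\s*=\s*"[^"]*telephoneNumber') {
    Write-Warning 'telephoneNumber is read from AD; real phone numbers would be sent.'
}
$after
```

Run it on an AD FS server in an elevated session. Because the static rules have no condition, every token for this trust carries the same telephoneNumber and schoolNumber, and no per-user phone data leaves the directory.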