AD FS 3.0 timestamp (date and time) of access as outgoing claim

All replies

• 

  

  1

  Sign in to vote

  There are always two default claims:

  http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod =

  urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

  http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant =

  2016-02-10T21:54:27.969Z

  • Marked as answer by PSapprentice Wednesday, February 17, 2016 8:54 AM

  Wednesday, February 10, 2016 10:01 PM
• 

  

  0

  Sign in to vote

  Hi nzpcmad1, thanks for your reponse. I can't believe I missed this in the claims description!

  One thing is weird though, I can never make a passthrough rule to pass these claims to the service provider. Even if I create a passthrough rule in the acceptance rules and issuance rules (even in the authorization rules just to be sure), these claims never get to the service provider. However, if I create some kind of a transform rule, the claims do get to the service provider. What I mean is, the following does NOT work:'

  c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"]
   => issue(claim = c);

  
  

  but the following works just fine:

  c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"]
   => issue(Type = "http://someotherauthenticationinstant", Value = c.Value);
  

  
  

  can you, or anyone, explain this behavior?

  Thursday, February 11, 2016 11:50 PM