Sending a Custom Response for Department

  • Question

  • Hello,

    I would like to write a custom claim that would look up the Department field in AD and map it to an account code that our federated app would use to assign the user to an account. For instance, if someone was in Payroll, the RP would assign them to account 1222, if HR, then account 1333, etc.

    I was trying to adopt the Department - Department transform rule.

    Would I need to create a custom rule for each department or a single rule with all the conditions specified? Also, I would appreciate any help with syntax, etc.

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]

    EXISTS([Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department", Value =~ "Payroll"])
    => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department"), Value==1222);

    EXISTS([Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department", Value =~ "HR"])
    => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department"), Value==1333);

    Thanks, Robert

    Wednesday, September 26, 2018 6:28 PM


All replies

  • You need a normal LDAP claim to take "department" and map to "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department".

    This would be first.

    The "=" are the wrong way around.

    Value ==~ "Payroll"


    Wednesday, September 26, 2018 6:48 PM
  • Sorry, I am not quite clear.

    Do you mean:

    EXISTS([Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department", Value ==~ "Payroll"])
    => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department"), Value=1222);

    Thanks, Robert

    • Proposed as answer by Jorrk Friday, September 28, 2018 5:43 AM
    Thursday, September 27, 2018 10:44 PM
  • Yes.

    • Marked as answer by RobertT76 Tuesday, October 9, 2018 6:09 PM
    Friday, September 28, 2018 2:29 AM
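
The rule chain discussed in this thread, written out as an added example (not code from any poster): one LDAP lookup rule followed by one rule per department, since each claim rule carries a single condition and a single issuance statement. The account-code claim type and the relying party trust name are assumed placeholders, and the department match uses the claim rule language's `=~` regular-expression operator, anchored so that "HR" does not also match a department name that merely contains those letters.

```powershell
# Added example. Placeholders (assumptions, not from the thread):
#   $acctClaim  - claim type the RP reads the account code from
#   $trustName  - name of the relying party trust
$deptClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department'
$acctClaim = 'http://example.com/claims/accountcode'
$trustName = 'Federated App'

# Department -> account code, values taken from the question.
# Keys are used inside a regex, so keep them free of regex metacharacters.
$accountMap = [ordered]@{ 'Payroll' = '1222'; 'HR' = '1333' }

# Rule 1: read "department" from AD. add() makes the claim available to the
# later rules without sending the raw department value to the RP.
$rules = @"
@RuleName = "Look up department"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("$deptClaim"), query = ";department;{0}", param = c.Value);

"@

# Rules 2..n: one rule per department. ^...$ anchors the match to the whole
# value and (?i) makes it case-insensitive. A user whose department is not
# in the map gets no account-code claim, so the RP must reject that case.
foreach ($dept in $accountMap.Keys) {
    $pattern = '^(?i)' + $dept + '$'
    $rules += @"
@RuleName = "Account code for $dept"
c:[Type == "$deptClaim", Value =~ "$pattern"]
 => issue(Type = "$acctClaim", Value = "$($accountMap[$dept])");

"@
}

# Print the generated rule set for review before applying it.
$rules

# This replaces the trust's existing issuance transform rules with $rules.
Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceTransformRules $rules
```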