claim issuance - if employeeNumber is present, use that; if not, use another attribute value - how?

  • Question

  • I'm trying to do something similar to...

    using NOT EXISTS in ADFS claim rules

    Imagine I have user accounts as follows:

    cn     employeeNumber  homeDirectory
    Alice  Alice           \\server\share\314159
    Bob                    \\server\share\271828

    I want to issue an immutableID claim such that...

    • if employeeNumber value exists, use that
    • if employeeNumber does not exist, then issue the last 6 characters from the homeDirectory attribute

    Hence, the token would be something like...

    cn     immutableID
    Alice  Alice
    Bob    271828

    How would I do this?

    The claim rule language primer doesn't help for this scenario.

    I know I have to add employeeNumber, then test it and if so, look up the user's homeDirectory, then extract the last 6 digits.  I'm fairly sure it's possible; I just don't know how.

    Friday, May 10, 2019 10:38 AM
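
One way to express the fallback described in the question in the AD FS claim rule language, as an added example that is not part of the original post. The `http://example.test/claims/...` claim types are placeholders chosen for illustration; replace the immutableID type with the one your relying party expects.

```adfs
@RuleName = "1 - Stage employeeNumber and homeDirectory (add only; placeholder claim types)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory",
        types = ("http://example.test/claims/employeeNumber",
                 "http://example.test/claims/homeDirectory"),
        query = ";employeeNumber,homeDirectory;{0}",
        param = c.Value);

@RuleName = "2 - employeeNumber present: issue it as immutableID"
c:[Type == "http://example.test/claims/employeeNumber"]
 => issue(Type = "http://example.test/claims/immutableID",
          Value = c.Value);

@RuleName = "3 - employeeNumber absent: issue last 6 characters of homeDirectory"
NOT EXISTS([Type == "http://example.test/claims/employeeNumber"])
 && c:[Type == "http://example.test/claims/homeDirectory", Value =~ ".{6}$"]
 => issue(Type = "http://example.test/claims/immutableID",
          Value = RegExReplace(c.Value, "^.*(.{6})$", "$1"));
```

Rule 1 uses `add` rather than `issue`, so the raw attributes are available to later rules without being sent in the token. The `=~ ".{6}$"` condition in rule 3 means a homeDirectory shorter than six characters produces no immutableID at all instead of leaking the whole path unchanged.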