Claims rule to get WindowsAccountName

  • Question

  • I have configured a Claims Provider Trust in ADFS and I am getting only Email in NameID. I cannot make changes to the third-party Claims Provider Trust, so I have to get WindowsAccountName using the Email which I received in NameID from the third-party IDP and forward it to the applications ahead.

    Can someone please help me to write Claim Rules to support this?

    Wednesday, March 4, 2020 9:26 AM

All replies

  • Well, the Windows Account Name makes sense when the user comes from AD. If the user comes from an external claim provider, it does not really have a specific purpose.

    Why would you need to define it anywhere in your rules?


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, March 4, 2020 2:49 PM
  • Well, I am using OWA as Relying Party in ADFS. In OWA, there are Claim rules which take WindowsAccountName as input, fetch the primarySID and UPN of the user from AD, and send them to OWA.
    Thursday, March 5, 2020 5:15 AM
  • But if your user comes from a different claim provider, the user won't exist in your forest. Or am I missing something?


    Friday, March 6, 2020 7:48 PM
  • The user is present in my AD, but instead of coming from AD and sending it to OWA, I want to authenticate at the third-party Claims provider, and then I am receiving Email in NameID. And using Email, I want to fetch the WindowsAccountName of the user and send it along with UPN to OWA.
    Friday, March 6, 2020 8:19 PM
  • Hum. I see. Why not :)

    Are you sure that's an email you are getting or a UPN? Are those two attributes the same in your environment? 

    Also, I would encourage you to post your message on the new platform to increase its visibility: https://docs.microsoft.com/answers/topics/adfs.html



    Friday, March 6, 2020 8:27 PM
  • Yes, Email and UPN are the same in my case. Thank you for your suggestion. I’ll post my question on the new platform as well.
    Friday, March 6, 2020 8:29 PM
  • Answered here: https://docs.microsoft.com/answers/questions/11691/claims-rule-to-get-windowsaccountname.html


    Monday, March 9, 2020 5:52 PM