question

Greg-9651 avatar image
0 Votes"
Greg-9651 asked ·

ADFS - Append String to End of Attribute Passed

Good morning,

I'm dealing with a challenge with the value passed by ADFS to an application in a particular attribute. Here is what he have for the value passed in the Claim Rule:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname";, Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("User.username"), query = ";userPrincipalName;{0}", param = c.Value);

I need the value of the "User.username" attribute passed to the application during sign-on to have ".stage" appended to the end. How do I accomplish this?

I thought changing "c.Value" to "c.Value + '.stage'" might work in param, but I think that didn't work.

adfs
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

DS-6360 avatar image
1 Vote"
DS-6360 answered ·

i think this rule will do

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn";] => issue(Type = "User.username", Value = c.Value + ".stage");

as when AD is your claim provider, it already generates a claim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"; with the UserPrincipalName, and this rule simply set the right type and append the string .stage

· 3 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks @DS-6360. Is there also a way to ensure that value passed is all lowercase? I noticed our UPN starts with a capital letter, which wouldn't match the Username in the application.

0 Votes 0 · ·

Actually, @DS-6360, the value passed ends up being converted to lowercase I guess. No need to answer my comment.

0 Votes 0 · ·

This worked for us! Thank you!

1 Vote 1 · ·