Hi all,
So our ADFS guy left a while ago, leaving me to hold the fort with zero previous ADFS experience. Mostly OK, but only for very basic setups or vendors who know exactly what they need to integrate. I currently have a vendor who is insisting I return the user group membership as an array called "Groups". I told them I could do this using role or group as published in our metadata, however they are insisting it be called "Groups".
I thought I might be able to do this by doing a transform of incoming claim type to outgoing claim type, I'm just ending up with errors though. I'm completely unfamiliar with doing anything like this; is it even possible using ADFS 3.0 on-prem infrastructure? I would be very grateful if someone could lend assistance, as the vendor has neither documentation nor a willingness to help.
It might help if I add what I've tried so far to get a custom attribute name to work. I found a similar issue elsewhere on the web whose solution was to create two separate rules like this:
1st rule gets the user's group membership and assigns it to a temporary store
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("memberOf"), query = ";memberOf;{0}", param = c.Value);
2nd rule issues these results to the custom attribute name.
c:[Type == "memberOf"]
=> issue(Type = "Groups", Value = c.Value);
I put each of these in their own custom rule in the order listed above, which generates an error for me.
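One way to apply and inspect those two rules together, as an added example that is not part of the original post: the rule text below is the poster's two rules collected into a single issuance transform rule set, applied to the vendor's relying party trust through the AD FS PowerShell module. "Vendor App" is a placeholder trust name, not something from the post.

```powershell
# Added example (not from the original post). Assumes the AD FS PowerShell
# module is available on the federation server; "Vendor App" is a placeholder
# for the vendor's relying party trust display name.
$rpName = "Vendor App"

# The two rules from the post, placed in one rule set so they are applied
# together in order. Rule 1 queries Active Directory for the user's memberOf
# values into a temporary claim type; rule 2 re-issues each value under the
# outgoing claim type "Groups". Several claims with the same type are rendered
# as one SAML Attribute with one AttributeValue per group, which is the
# "array" shape the vendor asked for.
$rules = @'
@RuleName = "Get group membership"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("memberOf"), query = ";memberOf;{0}", param = c.Value);

@RuleName = "Issue group membership as Groups"
c:[Type == "memberOf"]
 => issue(Type = "Groups", Value = c.Value);
'@

# Applying the rule set here (rather than in the management console) returns
# any rule-language parser error as a PowerShell error you can read in full.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Read back what is now stored on the trust to confirm both rules are present.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

Note that the memberOf query returns group distinguished names, so that is what the vendor will receive in each AttributeValue.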