Jeff-3342 asked:

Add an additional claim rule

We have a simple claim rule currently, see below. Currently our RP uses UPN as usernames; we will need to change all records at the RP to become sAMAccountName. Is there a way I can create the rule now to avoid downtime when that change is made at the RP?

Forgive me if I'm using the wrong terminology, ADFS is not my strength.

Rule 1: User-Principal-Name >> Name ID
Rule 2: UPN >> Name ID >> (outgoing Name ID format) >> Entity Identifier

I cannot attach screenshots; I will try in an edit to the post.


1 Answer

piaudonn answered:

I am not sure you can do something about it...
As soon as the application is configured to expect claims in a specific format, you'll have to send them in that format. It's mostly an application challenge, actually: the app will have to know that user@domain.com is now just user and update its permissions and access control on its side. Are they aware of that?

From an ADFS admin perspective, the best you can do is time the change to reduce the window of opportunity of sending a wrong NameID.

Jeff-3342 commented:
Yeah, this is what I'm finding also. I've reached out to our vendors and have asked them to keep me in the discussion when the changes at the RP are made. I should be able to update our claims quickly.

Thanks!

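As an added example (not code from this thread, nor from Microsoft's ADFS documentation), the following PowerShell shows the Rule 1 / Rule 2 pair from the question written out in ADFS claim rule language twice, once for the current UPN Name ID and once for the planned sAMAccountName Name ID, together with the one-call stage, cutover, verify and rollback steps that the answer's advice to "time the change" comes down to in practice. The relying party trust name "Contoso App" and the backup directory are assumptions; the claim type URIs, the `Get-AdfsRelyingPartyTrust` / `Set-AdfsRelyingPartyTrust` cmdlets and the `IssuanceTransformRules` property are the standard ADFS ones.

```powershell
# Added example, not code from the thread. Assumes an RP trust named "Contoso App"
# (hypothetical); substitute the real name from: Get-AdfsRelyingPartyTrust | Select-Object Name
$rpName    = "Contoso App"
$backupDir = "C:\adfs-rules"   # hypothetical path for the rollback copy and the staged rules
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Standard claim type / property URIs used by both rule sets.
$nameIdType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
$formatProp = "http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"

# Rule set in use today: Rule 1 reads userPrincipalName from AD into a UPN claim,
# Rule 2 re-issues it as Name ID with an explicit outgoing format.
# (Claims issued by an earlier rule are visible to later rules in the same set.)
$upnRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Rule 1: UPN from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Rule 2: UPN -> Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "$nameIdType", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["$formatProp"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
"@

# Rule set prepared now and applied at cutover: Name ID = sAMAccountName ("user").
# The value is carried in the standard "name" claim so the intermediate claim is not mislabelled as a UPN.
$samRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Rule 1: sAMAccountName from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";sAMAccountName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Rule 2: sAMAccountName -> Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"]
 => issue(Type = "$nameIdType", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["$formatProp"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
"@

function Backup-RpRules {
    # Save the live issuance transform rules to a timestamped file; returns the path for rollback.
    param([string]$Name)
    $rp   = Get-AdfsRelyingPartyTrust -Name $Name
    $file = "{0}-{1:yyyyMMdd-HHmmss}.rules.txt" -f ($Name -replace '[^\w-]', '_'), (Get-Date)
    $path = Join-Path $backupDir $file
    Set-Content -Path $path -Value $rp.IssuanceTransformRules
    return $path
}

function Set-RpNameIdRules {
    # Replace the rule set in one call, then read it back and return the LDAP attribute
    # the live Rule 1 now queries, so the cutover can be verified rather than assumed.
    # The new rules apply to the next token issued; tokens already issued keep the old Name ID.
    param([string]$Name, [string]$Rules)
    Set-AdfsRelyingPartyTrust -TargetName $Name -IssuanceTransformRules $Rules
    $live = (Get-AdfsRelyingPartyTrust -Name $Name).IssuanceTransformRules
    if ($live -match 'query = ";(\w+);\{0\}"') { return $Matches[1] }
    throw "No LDAP attribute query found in the live rule set for '$Name'"
}

# Now: keep a rollback copy and stage the replacement rule set on disk beside it.
$before = Backup-RpRules -Name $rpName
Set-Content -Path (Join-Path $backupDir "staged-samaccountname.rules.txt") -Value $samRules

# At cutover, once the RP has renamed its records: one call, then verify.
$attr = Set-RpNameIdRules -Name $rpName -Rules $samRules
if ($attr -ne 'sAMAccountName') { throw "Cutover did not take effect: live rules query '$attr'" }

# Rollback if the RP side turns out not to be ready (same single-call window):
# Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRulesFile $before
```

Two checks worth making before the cutover. First, sAMAccountName is only unique within a domain, whereas a UPN is unique across the forest; in a multi-domain forest two users with the same sAMAccountName in different domains would collapse into one identity at the RP once the Name ID changes, so the RP's renamed records should be checked for collisions before the switch. Second, because ADFS resolves the LDAP attribute at token issuance, the swap changes what the next token carries but does nothing to sessions the RP has already established from earlier tokens, so the cutover window is bounded by the RP's session lifetime, not by the time the `Set-AdfsRelyingPartyTrust` call takes.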