question

MartinThomasDuffy-5803 avatar image
0 Votes"
MartinThomasDuffy-5803 asked MarileeTurscak-MSFT edited

SAML Claim Transformation

I have a claim for the employeeId that I need to send in a SAML Response that is stored in the users Azure account as a string. The maximum length is 8 characters. The stored values can be between 4-8 characters. If the employeeId is 4444 for example the value that needs to be sent in the claim needs to be 00004444. If the stored value is 666666 the claim needs to be 00666666. So the claim value sent in the SAML Response needs to be padded with zeros up to 8 characters. The transformations that are provided by the Azure Portal cannot do this sort of transformation. Can I use PowerShell to programmatically do this? This would be an example of the code I currently use with another Identity Provider. It is Javascript. Can I do something similar with PowerShell?

function main( P1 ){
return ssoid(P1);

}
function ssoid(attribute){
var result = '';
if(attribute.length==6){
result = '00' + attribute;
}
else if(attribute.length==7){
result = '0' + attribute;
} 

 else if(attribute.length==5){
     result = '000' + attribute;
     }    
 else if(attribute.length==4){
     result = '0000' + attribute;
     }        
 else if(attribute.length==3){
     result = '00000' + attribute;
     }                
 else{
     result = attribute;
     }
     return result;

}

azure-ad-libraries
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered MarileeTurscak-MSFT edited

Hi @MartinThomasDuffy-5803,

I understand that you are hoping to return the string padded with zeroes up to 8 characters. Powershell has the built-in PadLeft method that you can use to accomplish this. I wrote and tested this function and it worked to do what you were hoping to accomplish:

 function formatAccountString ($str) { 
     return $str.PadLeft(8, '0')
 }

Here is the result using 4444:

182073-image.png


Let me know if this helps.


If this answer helped resolve your question, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.





image.png (9.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MartinThomasDuffy-5803 avatar image MartinThomasDuffy-5803 ·

I really appreciate your response. I am trying to setup a meeting with Microsoft to verify if any PowerShell function can be used in a SAML Claim. I will post their response once I get it.

0 Votes 0 ·