0
votes

I am using ADFS 2.0 as a service provider and Shibboleth as an IDP which issues SAML2 attributes in the form of:

<saml2:AttributeStatement>
    <saml2:Attribute FriendlyName="nameidentifier" Name="nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">testuser</saml2:AttributeValue>
    </saml2:Attribute>
</saml2:AttributeStatement>

Does anyone know how to set up a claim rule to consume this attribute?

I have tried the following but it didn't work:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] == "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"] => issue(claim = c);

What am I doing wrong?

Thanks

1 Answers

0
votes

Should just be

c:[Type == "nameidentifier"]
 => issue(claim = c);

The FriendlyName and NameFormat are accessible from properties, like you have in your rule. You don't need to include them though unless you want to narrow the scope of your rule (in which case, please update your question with that requirement).

HTH!
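To see why the rule in the question never fires, the following added example (not part of the answer above, and not ADFS code) lists the attribute names in the assertion and compares them with the Type literal in each rule. It assumes, as the answer states, that the incoming claim's Type is the attribute's Name; the function names are illustrative, the sample is constructed from the question's snippet, and the Properties condition is not modelled.

```python
import re
import xml.etree.ElementTree as ET  # for assertions off the wire, prefer a hardened parser such as defusedxml

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: the AttributeStatement from the question, with the
# saml2/xs namespace declarations added so that it parses stand-alone.
SAMPLE = """<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <saml2:Attribute FriendlyName="nameidentifier" Name="nameidentifier"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="xs:string">testuser</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""

RULE_FROM_QUESTION = ('c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", '
                      'Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] '
                      '== "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"] => issue(claim = c);')
RULE_FROM_ANSWER = 'c:[Type == "nameidentifier"] => issue(claim = c);'

def incoming_attributes(xml_text):
    """Return one dict per saml2:Attribute with its Name, FriendlyName, NameFormat and values."""
    root = ET.fromstring(xml_text)
    return [{
        "Name": attr.get("Name"),
        "FriendlyName": attr.get("FriendlyName"),
        "NameFormat": attr.get("NameFormat"),
        "Values": [v.text or "" for v in attr.findall(f"{{{SAML2}}}AttributeValue")],
    } for attr in root.iter(f"{{{SAML2}}}Attribute")]

def rule_types(rule_text):
    """Extract the string literals a claim rule compares against Type (not ValueType)."""
    return re.findall(r'\bType\s*==\s*"([^"]*)"', rule_text)

def matching_attributes(rule_text, xml_text):
    """Attributes whose Name is exactly equal to a Type literal in the rule."""
    wanted = set(rule_types(rule_text))
    return [a for a in incoming_attributes(xml_text) if a["Name"] in wanted]

if __name__ == "__main__":
    for label, rule in (("question", RULE_FROM_QUESTION), ("answer", RULE_FROM_ANSWER)):
        hits = matching_attributes(rule, SAMPLE)
        print(f"{label}: rule Type {rule_types(rule)} matches {[a['Name'] for a in hits]}")
```
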