I am trying to configure ADFS as an OpenID provider, as a generic authentication system for multiple application stacks (my objective is to define a solution usable on multiple stacks).
After several tests, we reached a level where we are able to authenticate the users and to retrieve the id_token.
Now, the problem is that the claims we receive in the default id_token do not include some of the claims we consider "standard", such as the email one.
We currently use our corporate Active Directory as Claims Provider Trust.
The list of claims we receive is part of the claims declared as default in the limitations section of this article:
https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/adfs
The claims provided are:
aud, authenticationinstant, c_hash, exp, iat, iss, name, nameidentifier, nonce, upn, pwd_exp
In our case the upn field matches the email attribute, and therefore we have a sort of workaround.
My objective anyway would be to be able to ship the email claim as part of the id_token, in order to standardize our solution with the other OPs currently in use and not force applications to change their code base.
How can I configure ADFS to ship the additional claim over the id token?
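As an added example, not part of the question above: one way to get an `email` claim into the id_token on ADFS 2016 or later is to issue the standard e-mail claim type from the Active Directory `mail` attribute on the Web API application of the OIDC application group, and to let the client request the `allatclaims` scope. The application group, `$ClientId` and the assumption that the Web API identifier equals the client_id are placeholders/assumptions, and the decode helper at the end only inspects the payload for troubleshooting (it does not verify the signature).

```powershell
# Added example (not from the question): issue an email claim from AD for an
# ADFS 2016+ OIDC application group so that it can appear in the id_token.
# ASSUMPTIONS: ADFS 2016 or later, an application group already exists, and the
# Web API identifier equals the client_id of the application. Placeholder values.
$ClientId         = '<your-client-id-guid>'   # placeholder, not a real value
$WebApiIdentifier = $ClientId                 # ADFS takes id_token rules from the Web API matching the client_id

# Claim rule (ADFS claim rule language): look up the AD "mail" attribute of the
# authenticated Windows account and issue it as the standard e-mail claim type.
# ADFS serialises this claim type into the JWT under the short name "email".
$EmailRule = @'
@RuleName = "Issue email from AD mail attribute"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}",
          param = c.Value);
'@

# Attach the rule to the Web API application, keeping any rules already present.
$existing = (Get-AdfsWebApiApplication -Identifier $WebApiIdentifier).IssuanceTransformRules
Set-AdfsWebApiApplication -TargetIdentifier $WebApiIdentifier `
    -IssuanceTransformRules ($existing + "`n" + $EmailRule)

# Grant the client the scopes it needs. "allatclaims" makes ADFS copy the
# access-token claims into the id_token; the application must also send it in
# its authorization request (scope=openid email allatclaims).
# If a permission entry already exists, use Set-AdfsApplicationPermission instead.
Grant-AdfsApplicationPermission -ClientRoleIdentifier $ClientId `
    -ServerRoleIdentifier $WebApiIdentifier `
    -ScopeNames 'openid', 'email', 'allatclaims'

# Troubleshooting helper: decode the id_token payload (second JWT segment,
# base64url) and report whether an "email" claim is present. Signature
# validation still belongs in the application's OIDC library.
function Test-IdTokenHasEmail([string]$IdToken) {
    $payload = $IdToken.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    $json   = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload))
    $claims = $json | ConvertFrom-Json
    return [bool]$claims.PSObject.Properties['email']
}
```

Run the cmdlets on the ADFS server in an elevated session with the ADFS module loaded; if the claim still does not appear, confirm that the users actually have the `mail` attribute populated, since the rule issues nothing for an empty attribute.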