I am trying to create a custom claim rule in adfs to re-write the email address to NameId but in lowercase.
The reason is Responsys reads the claims and is case sensitive when comparing the NameId in the SAML Response it fails. Our Active Directory has email address as mixed case for some users and lowercase for others. e.g. LJeary@ or ljeary@
I have added a custom attribute store to do the lowercase part but I am not seeing the Claim in the SAMLResponse.
as per http://macintheoffice.com/?q=node/5
I need help to create a custom claim rule which will successfully send the email address as lowercase in the outgoing claim NameID
Should see this
<Subject>
<NameID>[email protected]</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData NotOnOrAfter="2017-05-10T03:24:20.358Z" Recipient="https://interact2.responsys.net/authentication/login/loginSSO" />
</SubjectConfirmation>
</Subject>
but see this
<Subject>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData NotOnOrAfter="2017-05-10T03:24:20.358Z" Recipient="https://interact2.responsys.net/authentication/login/loginSSO" />
</SubjectConfirmation>
</Subject>
missing the NameID attribute.
Custom Claim Rule used is
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
=> issue(store = "StringProcessing", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = "toLower", param = c.Value);
answer: Thanks @nzpcmad . Came up with a similar process by returning the email address and storing in an incoming claim. Then creating another rule to take the email incoming claim transform to lower and assign to outgoing claim NameID.
