ADFS 3.0 Custom attribute in SAML token

Question

I am setting up a relaying party trust (IDP) for an application a SP provides. Problem is that the SP requires a "customer ID" to be prefixed the username. E.g on-prem AD user john@company.com logges on and SP requires 001john@company.com to access the application. How do i configure ADFS 3.0 to include the "customer id" in SAML token?

Error i receive now is: "The customer Id in the username john@company.com does not match the ones configued for the partner [001]. SP uses IBM FIM as federation solution. Metadata is set up on both SP and IDP side.

Thanks.

rbrayb rbrayb · Accepted Answer · 2017-12-19T18:40:06

You can append a string e.g.

c:[type == "http://someclaim"] => issue(type = "http://anotherclaim", value = "001" + c1.Value );

but there is not enough detail.

Do you always add "001" or does it vary?

Which claim do you want to alter?

Update

Have a normal LDAP rule that takes email and creates http://company.com/Temp1 (The dropdown is editable).

Then:

c:[type == "http://company.com/Temp1"] => issue(type = "http://company.com/Temp2", value = "001" + c.Value );

Then use a transform rule to transform http://company.com/Temp2 to NameID with a format of email.

ADFS 3.0 Custom attribute in SAML token

1 Answers