0
votes

I am implementing a client credentials grant in ADFS 3.0. This works based on the scenarios and developer examples.

I want to add an issuance transform rule that uses the client_id to look up extra claims in a custom SQL attribute store.

c:[Type == "???"]
 => issue(store = "Custom Attribute Store", types = ("XYZ"), query = "SELECT claimValue from dbo.ClientClaims WHERE clientId= {0}", param = c.Value);

What is the correct value for Type to find the client_id?

2 Answers

0
votes

Claims work off AD and clientID is not an AD attribute.

The only way I can think of is to use a static claim where the clientID is hard-coded with a Type like "http://company.com/clientID" and then use that in the above rule.

0
votes

You can retrieve the appid using the following:

appid:[Type == "http://schemas.microsoft.com/2014/01/clientcontext/claims/appid"]

This will grant you access to the appid (the 36-character identifier for your client) to use in your custom rule.
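
An added example, not part of either answer: the question's rule with the appid claim type from the answer above filled in, validated and then appended to a relying party trust's existing issuance rules. The trust name `Contoso API` and the rule name are placeholders chosen for illustration; the store name, claim type `XYZ` and query are taken from the question.

```powershell
# Assumption: 'Contoso API' is a placeholder for the relying party trust name.
$rpName = 'Contoso API'

# The question's rule, with the Type set to the appid claim from the answer.
# The rule name is a placeholder.
$rule = @'
@RuleName = "Client claims from SQL store"
c:[Type == "http://schemas.microsoft.com/2014/01/clientcontext/claims/appid"]
 => issue(store = "Custom Attribute Store", types = ("XYZ"), query = "SELECT claimValue from dbo.ClientClaims WHERE clientId= {0}", param = c.Value);
'@

# Parse the rule first so a syntax error is reported here
# instead of surfacing later when a token is requested.
$parsed = New-AdfsClaimRuleSet -ClaimRule $rule

# -IssuanceTransformRules overwrites the whole rule set,
# so read the current rules and append the new one to them.
$existing = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
$combined = $existing + "`n" + $parsed.ClaimRulesString

Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combined

# Confirm what is now configured on the trust.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```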