So I was setting up an ADFS service on a Windows Server 2016 instance. I created a Relying Party Trust and was about to create two claim issuance policies, since our Service Provider has a NameID policy which needs to be met. The required policy is as follows:
<NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress" AllowCreate="true"/>
So I added these two claims:
The second is a transformation rule as follows:
This resolves to the rule language:
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
The problem is that this generates a format of urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
and not urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress
as in the requested policy, and seemingly I can't change it to SAML 2.0 as I cannot manually edit the rule. Any ideas to fix this?
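As an added example (not part of the original post), a small Python check that parses the SP's NameIDPolicy from an AuthnRequest and the NameID Format from the issued assertion, and reports whether the policy is met. Both XML samples are constructed from the values in the post (the request IDs, timestamps and user@example.com are placeholders); per SAML 2.0 Core, an omitted or "unspecified" policy Format places no constraint, otherwise the URNs are compared as opaque strings.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: the SP's AuthnRequest carrying the NameIDPolicy from the post.
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_req1" Version="2.0" IssueInstant="2016-01-01T00:00:00Z">
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress" AllowCreate="true"/>
</samlp:AuthnRequest>"""

# Constructed sample: the NameID that the ADFS transform rule in the post would issue.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" IssueInstant="2016-01-01T00:00:00Z">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"


def requested_nameid_format(authn_request_xml):
    """Return the Format the SP asked for in NameIDPolicy, or None if absent."""
    policy = ET.fromstring(authn_request_xml).find("samlp:NameIDPolicy", NS)
    return None if policy is None else policy.get("Format")


def issued_nameid_format(assertion_xml):
    """Return the Format attribute of the Subject's NameID (None when omitted)."""
    name_id = ET.fromstring(assertion_xml).find("saml:Subject/saml:NameID", NS)
    return None if name_id is None else name_id.get("Format")


def nameid_policy_satisfied(authn_request_xml, assertion_xml):
    """True when the issued NameID Format meets the SP's NameIDPolicy.

    An absent or 'unspecified' policy constrains nothing; otherwise the URNs
    must match exactly, since SAML compares them as opaque strings.
    """
    requested = requested_nameid_format(authn_request_xml)
    if requested in (None, UNSPECIFIED):
        return True
    return issued_nameid_format(assertion_xml) == requested


if __name__ == "__main__":
    print("requested:", requested_nameid_format(AUTHN_REQUEST))
    print("issued:   ", issued_nameid_format(ASSERTION))
    print("policy satisfied:", nameid_policy_satisfied(AUTHN_REQUEST, ASSERTION))
```

Run against the post's values it reports the 1.1/2.0 mismatch; the same check can be pointed at a real AuthnRequest and assertion captured from a browser trace.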