The syntax of claim rules have always been confusing to me. For that reason and because I believe there are others out there like me, I’ve made a promise to myself to document the ones I do manage to get working. I’m sure there will be cleverer ways to do some of these things but this is where I’ll be adding the ones that have helped me out.
Send UPN without suffix
Rule 1: Get UPN
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
Rule 2: Issue “upnNoSuffix”
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> issue(Type = "http://technut.se/upnNoSuffix", Value = RegExReplace(c.Value, "@.*$", ""));
Example:
| Incoming UPN claim | martin@technut.se |
| Outgoing “upnNoSuffix” claim | martin |
Hejsan Martin!
Thanks for a great blog! The thing is, I would need the opposite claim rule to this, in this case:
Incoming UPN claim: account
Outgoing claim: account@customer.com
The account is specific, not random. I can try to figure it out but I thought I’d ask anyway.
Thank you!
br Jan