The syntax of claim rules has always been confusing to me. For that reason, and because I believe there are others out there like me, I’ve made a promise to myself to document the ones I do manage to get working. I’m sure there are cleverer ways to do some of these things, but this is where I’ll be adding the ones that have helped me out.
Send UPN without suffix
Rule 1: Get UPN
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
Rule 2: Issue “upnNoSuffix”
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> issue(Type = "http://technut.se/upnNoSuffix", Value = RegExReplace(c.Value, "@.*$", ""));
Example:

| Claim | Value |
|---|---|
| Incoming UPN claim | martin@technut.se |
| Outgoing “upnNoSuffix” claim | martin |
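As an added illustration (not part of the original post), here is a small Python simulation of the two rules above. It uses a constructed dictionary in place of the Active Directory attribute store and shows that Rule 1 only adds the UPN to the working claim set, while Rule 2 is what actually issues the outgoing claim; it also shows what happens when the account has no UPN or the UPN has no suffix.

```python
import re

# Constructed stand-in for the "Active Directory" attribute store:
# the windowsaccountname value -> userPrincipalName. Sample data only.
DIRECTORY = {
    r"TECHNUT\martin": "martin@technut.se",
    r"TECHNUT\svc-legacy": "svc-legacy",   # UPN with no "@suffix" at all
}

WINDOWS_ACCOUNT = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
UPN_NO_SUFFIX = "http://technut.se/upnNoSuffix"


def rule1_get_upn(claims):
    """Rule 1: for each windowsaccountname claim from AD AUTHORITY, look up
    userPrincipalName and add() it to the working claim set (not the output).
    The issuer set on the added claim is an assumption of this simulation."""
    added = []
    for c in claims:
        if c["type"] == WINDOWS_ACCOUNT and c["issuer"] == "AD AUTHORITY":
            upn = DIRECTORY.get(c["value"])
            if upn is not None:  # query returning no row adds no claim
                added.append({"type": UPN, "value": upn, "issuer": "AD AUTHORITY"})
    return claims + added


def rule2_issue_upn_no_suffix(claims):
    """Rule 2: for each UPN claim, issue() upnNoSuffix with "@" and everything
    after it removed, mirroring RegExReplace(c.Value, "@.*$", "")."""
    return [
        {"type": UPN_NO_SUFFIX, "value": re.sub(r"@.*$", "", c["value"])}
        for c in claims
        if c["type"] == UPN
    ]


def run_pipeline(account_name, issuer="AD AUTHORITY"):
    """Run both rules over one incoming windowsaccountname claim and
    return the list of issued upnNoSuffix values."""
    incoming = [{"type": WINDOWS_ACCOUNT, "value": account_name, "issuer": issuer}]
    working = rule1_get_upn(incoming)
    return [c["value"] for c in rule2_issue_upn_no_suffix(working)]


if __name__ == "__main__":
    print(run_pipeline(r"TECHNUT\martin"))   # ['martin']
```

Note that a windowsaccountname claim from any issuer other than "AD AUTHORITY" never reaches the lookup, so nothing is issued for it.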