Custom claim rules examples

The syntax of claim rules has always been confusing to me. For that reason and because I believe there are others out there like me, I’ve made a promise to myself to document the ones I do manage to get working. I’m sure there will be cleverer ways to do some of these things, but this is where I’ll be adding the ones that have helped me out.

Send UPN without suffix

Rule 1: Get UPN

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

Rule 2: Issue “upnNoSuffix”

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://technut.se/upnNoSuffix", Value = RegExReplace(c.Value, "@.*$", ""));

Example:

Incoming UPN claim: martin@technut.se
Outgoing “upnNoSuffix” claim: martin
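
Because rule 2 discards everything from the "@" onward, users who share a prefix under different UPN suffixes are issued the same "upnNoSuffix" value, which matters if the relying party treats that claim as the account identifier. The following check is an added example, not part of the original post: it applies the same pattern with PowerShell's -replace operator (which, like RegExReplace, uses .NET regular expressions) and lists the values that more than one UPN would map to. The function names and every sample UPN other than martin@technut.se are constructed for illustration.

```powershell
# Added example: models rule 2's RegExReplace(c.Value, "@.*$", "") so the
# outgoing values can be checked for collisions before the rule is deployed.

function Get-UpnNoSuffix {
    param([Parameter(Mandatory)][string]$Upn)
    # Same pattern and replacement as rule 2: drop the first "@" and all that follows.
    return $Upn -replace '@.*$', ''
}

function Find-UpnNoSuffixCollision {
    param([Parameter(Mandatory)][string[]]$Upn)
    # Group the UPNs by the value rule 2 would issue. The key is lower-cased
    # because a relying party may compare identifiers case-insensitively.
    $Upn |
        Group-Object -Property { (Get-UpnNoSuffix -Upn $_).ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                UpnNoSuffix = $_.Name
                Count       = $_.Count
                SourceUpns  = $_.Group -join ', '
            }
        }
}

# Constructed sample input. In a real forest the list could come from the
# ActiveDirectory module, for example:
#   $upns = (Get-ADUser -Filter 'UserPrincipalName -like "*"').UserPrincipalName
$sampleUpns = @(
    'martin@technut.se',
    'martin@example.org',
    'Anna@technut.se',
    'anna@example.org',
    'erik@technut.se'
)

# Each row is one outgoing claim value shared by two or more accounts.
Find-UpnNoSuffixCollision -Upn $sampleUpns | Format-Table -AutoSize
```

An empty result means every account in the input gets a distinct "upnNoSuffix" value; any row returned is a pair or group of accounts the relying party could not tell apart by this claim alone.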
