Custom claim rules examples

The syntax of claim rules has always been confusing to me. For that reason, and because I believe there are others out there like me, I’ve made a promise to myself to document the ones I do manage to get working. I’m sure there are cleverer ways to do some of these things, but this is where I’ll be adding the ones that have helped me out.

Send UPN without suffix

Rule 1: Get UPN

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

Rule 2: Issue “upnNoSuffix”

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://technut.se/upnNoSuffix", Value = RegExReplace(c.Value, "@.*$", ""));

Example:

Incoming UPN claim: martin@technut.se
Outgoing “upnNoSuffix” claim: martin
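To put the two rules above onto a relying party trust without losing the rules it already has, here is an added PowerShell example (not part of the original post) using the AD FS module; the trust name "Example RP" is a placeholder, and the @RuleName annotations are only display names.

```powershell
# Added example: append the two rules from the post to an existing relying
# party trust. Assumes the ADFS module is available on the federation server
# and that "Example RP" is replaced with the real trust name.
Import-Module ADFS

$rpName = "Example RP"   # placeholder, change to your relying party trust

# The rules exactly as written in the post, each with a @RuleName so they
# are readable in the AD FS management console.
$newRules = @'
@RuleName = "Get UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleName = "Issue upnNoSuffix"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://technut.se/upnNoSuffix", Value = RegExReplace(c.Value, "@.*$", ""));
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found" }

# -IssuanceTransformRules replaces the whole rule set, so keep the existing
# rules and add the new ones after them. Order matters: rule 2 only fires
# because rule 1 has already added the UPN claim to the pipeline.
$combined = ($rp.IssuanceTransformRules, $newRules) -join "`n"
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combined

# Check what was stored; the two new rules should appear at the end.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

Note that stripping the suffix makes martin@technut.se and a martin from any other suffix look identical to the relying party, so issue this claim only where the application genuinely needs a bare account name.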

1 thought on “Custom claim rules examples”

  1. Hi Martin!

    Thanks for a great blog! The thing is, I would need the opposite claim rule to this, in this case:
    Incoming UPN claim: account
    Outgoing claim: account@customer.com
    The account is specific, not random. I can try to figure it out but I thought I’d ask anyway.

    Thank you!
    br Jan
