...

@RuleName="Get Email"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:0.9.2342.19200300.100.1.3"), query = ";mail;{0}", param = c.Value);

@RuleName="Convert Email xml"

c:[Type == "urn:oid:0.9.2342.19200300.100.1.3"]
 => issue(Type = c.Type, Value = c.Value, Issuer = c.Issuer, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

@RuleName="Get FirstName"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:2.5.4.42"), query = ";givenName;{0}", param = c.Value);

@RuleName="Convert FirstName xml"

c:[Type == "urn:oid:2.5.4.42"]
 => issue(Type = c.Type, Value = c.Value, Issuer = c.Issuer, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
 
@RuleName="Get LastName"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:2.5.4.4"), query = ";sn;{0}", param = c.Value);

@RuleName="Convert LastName xml"

c:[Type == "urn:oid:2.5.4.4"]
 => issue(Type = c.Type, Value = c.Value, Issuer = c.Issuer, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); 

@RuleName="Get sAMAccountName"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:1.2.840.113556.1.4.221"), query = ";sAMAccountName;{0}", param = c.Value);

@RuleName="Convert sAMAccountName / uid xml"

c:[Type == "urn:oid:1.2.840.113556.1.4.221"]
 => issue(Type = "urn:oid:0.9.2342.19200300.100.1.1", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

@RuleName="Get displayName"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:1.2.840.113556.1.2.13"), query = ";displayName;{0}", param = c.Value);

@RuleName="Convert displayName xml"

c:[Type == "urn:oid:1.2.840.113556.1.2.13"]
 => issue(Type = "urn:oid:2.16.840.1.113730.3.1.241", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

@RuleName="Name Identifier"

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");

...

@RuleName="Transform UPN to EPPN"

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

Example of eduPersonPrincipalName (EPPN) mapped to sAMAccountName. As with the UPN example above, the EPPN must be unique not only within your organization but across other organizations as well. Because sAMAccountName does not carry the domain, the example below builds the value with three custom rules: the first queries AD for sAMAccountName and UPN, the second extracts the domain from the UPN, and the third appends that domain to the sAMAccountName and issues the result as the EPPN.
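The following is an added example, not a rule set from this page or from CCC Tech Center: it writes the three rules described above in the AD FS claim rule language and appends them to a relying party trust with the AD FS PowerShell module. The trust name "CCC Proxy" and the intermediate claim type "http://example.invalid/claims/upndomain" are assumptions chosen for illustration; the intermediate claim is only added to the input pipeline and never issued to the relying party. The second rule only fires when the UPN actually contains "@", so an account with a malformed UPN gets no EPPN rather than a wrong one.

```powershell
# Added example (not from the original page). Assumptions: the relying party
# trust is named "CCC Proxy" (hypothetical; substitute your own), and the
# intermediate claim type http://example.invalid/claims/upndomain is a private,
# hypothetical URI that exists only inside the claims pipeline.
Import-Module ADFS

$rpName = 'CCC Proxy'   # hypothetical relying party trust name

# Rule 1 pulls sAMAccountName and userPrincipalName from AD in one query
# (the attribute list and the types tuple are matched positionally).
# Rule 2 keeps only the text after the last "@" of the UPN, and only runs when
# the UPN contains an "@" at all.
# Rule 3 joins sAMAccountName and that suffix and issues the result as EPPN
# (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) with the URI name format used elsewhere
# on this page.
$eppnRules = @'
@RuleName="Get sAMAccountName and UPN"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:1.2.840.113556.1.4.221", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";sAMAccountName,userPrincipalName;{0}", param = c.Value);

@RuleName="Extract domain from UPN"

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "@"]
 => add(Type = "http://example.invalid/claims/upndomain", Value = RegExReplace(c.Value, "^.*@", ""));

@RuleName="Issue EPPN from sAMAccountName and domain"

c1:[Type == "urn:oid:1.2.840.113556.1.4.221"]
 && c2:[Type == "http://example.invalid/claims/upndomain"]
 => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", Value = c1.Value + "@" + c2.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
'@

# -IssuanceTransformRules replaces the whole rule set, so read the existing
# rules first and append rather than overwrite.
$trust = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $trust) { throw "Relying party trust '$rpName' not found" }

$combined = $trust.IssuanceTransformRules + "`r`n" + $eppnRules
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combined

# Show the stored rule set so the change can be reviewed before testing a login.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

If the page's "Get sAMAccountName" rule is already present on the trust, the first rule here duplicates that AD query; keep one or the other. Test with an account whose UPN suffix differs from the AD domain to confirm the EPPN carries the UPN suffix, which is what makes it unique across organizations.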

...

@RuleName="Get Street"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:2.5.4.9"), query = ";street;{0}", param = c.Value);

@RuleName="Convert Street xml"

c:[Type == "urn:oid:2.5.4.9"]
 => issue(Type = c.Type, Value = c.Value, Issuer = c.Issuer, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

@RuleName="Get Locality"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:2.5.4.7"), query = ";l;{0}", param = c.Value);

@RuleName="Convert Locality xml"

c:[Type == "urn:oid:2.5.4.7"]
 => issue(Type = "urn:oid:2.5.4.7", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

@RuleName="Get State"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:2.5.4.8"), query = ";st;{0}", param = c.Value);

@RuleName="Convert State xml"

c:[Type == "urn:oid:2.5.4.8"]
 => issue(Type = c.Type, Value = c.Value, Issuer = c.Issuer, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

@RuleName="Get PostalCode"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:2.5.4.17"), query = ";postalCode;{0}", param = c.Value);

@RuleName="Convert PostalCode xml"

c:[Type == "urn:oid:2.5.4.17"]
 => issue(Type = c.Type, Value = c.Value, Issuer = c.Issuer, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

@RuleName="Get telephoneNumber / homePhone"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:2.5.4.20"), query = ";telephoneNumber;{0}", param = c.Value);

@RuleName="Convert telephoneNumber xml"

c:[Type == "urn:oid:2.5.4.20"]
 => issue(Type = "urn:oid:0.9.2342.19200300.100.1.20", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

@RuleName="Example Get Manager add domain"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:0.9.2342.19200300.100.1.10"), query = ";manager;{0}", param = c.Value);

Note for CCC Tech Center implementations: the metadata that AD FS publishes is not compatible with the proxy. Use the attached template and fill it in with the values supplied in the college's metadata.

Attached file: ADFS_Metadata_template.zip

Please contact Matt Schroeder with any questions:  matthew.schroeder@ccctechcenter.org

...