
...

@Rulename="Query AD for upn and sAMAccountName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("ssupn", "sswindowsaccountname"), query = ";userPrincipalName,sAMAccountName;{0}", param = c.Value);


@Rulename="Obtain the domain from the upn"
 
c:[Type == "ssupn"]
=> add(Type = "ssnewupn", Value = RegExReplace(c.Value, "^(.*?)@", ""));

@Rulename="Combine sAMAccountName with domain"

c1:[Type == "ssnewupn"]
&& c2:[Type == "sswindowsaccountname"]
=> issue(Type = "urn:oid:0.9.2342.19200300.1001.3.6.1.4.1.5923.1.1.1.6", Value = c2.Value + "@" + c1.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
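Review bot: The claim type in the final `issue` statement, `urn:oid:0.9.2342.19200300.1001.3.6.1.4.1.5923.1.1.1.6`, does not read as one registered OID. It looks as if the version comparison fused fragments of the mail OID (`urn:oid:0.9.2342.19200300.100.1.3`) and the eduPersonPrincipalName OID (`urn:oid:1.3.6.1.4.1.5923.1.1.1.6`), so the intended value should be confirmed against the current page version before the rule is copied. Separately, the issued value is sAMAccountName + "@" + the UPN suffix, and sAMAccountName is unique only within one domain. In a forest where several domains share a UPN suffix, two accounts could therefore be issued the same identifier at the relying party, so the page should state that single-domain assumption. The `RegExReplace` in the second rule also returns the UPN unchanged when it contains no `@`; a condition such as `c:[Type == "ssupn", Value =~ "@"]` would keep a malformed value from being issued.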



...