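@Rulename="Query AD for upn and sAMAccountName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory",
        types = ("ssupn", "sswindowsaccountname"),
        query = ";userPrincipalName,sAMAccountName;{0}",
        param = c.Value);

@Rulename="Obtain the domain from the upn"
c:[Type == "ssupn"]
 => add(Type = "ssnewupn",
        Value = RegExReplace(c.Value, "^(.*?)@", ""));

@Rulename="Combine sAMAccountName with domain"
c1:[Type == "ssnewupn"] && c2:[Type == "sswindowsaccountname"]
 => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
          Value = c2.Value + "@" + c1.Value,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");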