Saturday, May 30, 2015

single sign on - ADFS Metadata with Active Directory Attributes



Using ADFS on Windows 2012 R2. I have created a Relying Party Trust that has a claim rule defined that maps an Active Directory attribute to a named attribute in the vendor's system.



When I view the federationmetadata.xml file I notice that these attributes are not present; only the items listed in "Claim Descriptions" are present.



Is this normal?
Apparently the application vendor's system is using PingFederate and they are expecting those attributes to be present in the metadata file.


Answer



Followed advice from Microsoft support and created claim description items that included the attributes I wanted to include; these were then present in the metadata file. Applying an Issuance Transform allowed me to map values to these attributes.
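The same two steps, scripted for the ADFS PowerShell module on Windows Server 2012 R2, as an added example that is not part of the original post or of Microsoft's advice. The claim type URI (https://vendor.example.com/claims/employeeId), the Relying Party Trust name ("Vendor App"), the AD attribute (employeeNumber) and the farm hostname (adfs.example.com) are all placeholders; substitute whatever the vendor's PingFederate side actually expects. The script publishes the claim description with IsOffered so it appears in the metadata, appends an LDAP-backed issuance transform rule without discarding the rules already on the trust, and then fetches the published metadata to confirm the new claim type is advertised.

```powershell
# Added example, not from the original post. Run on an ADFS server as an ADFS administrator.
Import-Module ADFS

# --- Placeholders (assumptions, not values from the original question) ---
$claimType   = "https://vendor.example.com/claims/employeeId"   # URI the vendor's PingFederate expects
$claimName   = "Vendor Employee Id"                             # display name in "Claim Descriptions"
$adAttribute = "employeeNumber"                                 # AD attribute to source the value from
$rpName      = "Vendor App"                                     # existing Relying Party Trust
$adfsHost    = "adfs.example.com"                               # federation service name

# --- Step 1: publish the claim description ---------------------------------
# Only claim descriptions marked IsOffered are advertised in FederationMetadata.xml
# (under fed:ClaimTypesOffered and as saml:Attribute in the IDPSSODescriptor).
# A Relying Party claim rule alone never changes the metadata, which is the
# behaviour the question observed.
if (-not (Get-AdfsClaimDescription -ClaimType $claimType -ErrorAction SilentlyContinue)) {
    Add-AdfsClaimDescription -Name $claimName `
                             -ClaimType $claimType `
                             -IsOffered $true `
                             -IsAccepted $true `
                             -IsRequired $false `
                             -Notes "Published so the vendor's PingFederate sees it in metadata"
}

# --- Step 2: issuance transform rule that fills the claim from AD ----------
# Claim rule language: look up $adAttribute in Active Directory for the
# authenticated Windows account and issue it as $claimType.
$newRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Send $adAttribute as $claimName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$claimType"), query = ";$adAttribute;{0}", param = c.Value);
"@

# Set-AdfsRelyingPartyTrust -IssuanceTransformRules REPLACES the whole rule set,
# so read the existing rules first and append rather than overwrite.
$trust    = Get-AdfsRelyingPartyTrust -Name $rpName
$existing = $trust.IssuanceTransformRules
if ($existing -notmatch [regex]::Escape($claimType)) {
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules ($existing + "`n" + $newRule)
}

# --- Step 3: verify the claim type is now in the published metadata ---------
$metadataUrl = "https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml"
$xml = [xml](Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing).Content

# Match both the WS-Fed ClaimTypesOffered entry (@Uri) and the SAML attribute entry (@Name)
# without hard-coding namespace prefixes.
$xpath = "//*[(local-name()='ClaimType' and @Uri='$claimType') or (local-name()='Attribute' and @Name='$claimType')]"
$hits  = Select-Xml -Xml $xml -XPath $xpath

if ($hits) {
    "OK: $claimType is advertised in $metadataUrl ($($hits.Count) element(s))"
} else {
    Write-Warning "$claimType is NOT in the published metadata; check IsOffered on the claim description"
}
```

Two caveats worth keeping in mind: advertising a claim type in metadata does not by itself release it to anyone, the issuance transform rule on the specific trust does that, so a claim description is safe to add farm-wide; and the rule above is scoped to a single trust, so the attribute is sent only to the vendor, not to every relying party.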


