I worked a case recently for a customer that wanted to pass a custom Active Directory attribute as a claim. It’s actually easy to do and does not require a custom claim rule, but the answer is less than obvious.
To create a new Issuance Transform Rule on the relying party trust, follow these steps:
Choose Add Rule
Use the Send LDAP Attributes as Claims template
Name the rule and choose the Active Directory attribute store.
Next, type the custom attribute name in the LDAP Attribute dropdown exactly as it appears in ADSI Edit or your favorite LDAP browser, then hit Enter.
You will notice that now if you choose the dropdown, the custom attribute is saved towards the bottom for future use.
You can now map that attribute to any of the claim types built into ADFS – I happen to have chosen the “Name” claim type – and select Finish.
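For anyone who would rather script this than click through the wizard, here is the same rule expressed in ADFS claim rule language and applied with the ADFS PowerShell module. This is an added example, not code from the original post: `Contoso Web App` is a placeholder relying party trust name and `extensionAttr` is a placeholder for your attribute's lDAPDisplayName; the claim type URIs and the `@RuleTemplate = "LdapClaims"` shape are what the Send LDAP Attributes as Claims template itself generates. The first part checks that the attribute name matches the schema exactly, since that is the step the post says trips people up.

```powershell
# Added example (not from the original post). Placeholders to replace:
#   $rpName   - display name of the relying party trust
#   $attrName - lDAPDisplayName of the custom schema attribute, exactly as
#               it appears in ADSI Edit (case does not matter to LDAP, but
#               spelling does)
$rpName   = "Contoso Web App"   # placeholder
$attrName = "extensionAttr"     # placeholder

Import-Module ActiveDirectory
Import-Module ADFS

# Check the attribute really exists in the schema under that name before
# wiring it into a claim rule; a typo here fails silently at token issuance
# (the claim is simply absent).
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -Filter "lDAPDisplayName -eq '$attrName'" `
    -Properties lDAPDisplayName, attributeSyntax
if (-not $attr) {
    throw "No schema attribute with lDAPDisplayName '$attrName' was found."
}
Write-Host "Found schema attribute $($attr.lDAPDisplayName) (syntax $($attr.attributeSyntax))"

# Claim rule language equivalent of the GUI rule described in the post.
# The rule takes the windowsaccountname claim the AD authority already
# issued, queries the Active Directory store for $attrName on that account
# (query = ";<attributes>;{0}", {0} = the account name), and issues the
# result as the built-in Name claim type.
$customAttributeRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Custom attribute as Name claim"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";$attrName;{0}", param = c.Value);
"@

# Set-AdfsRelyingPartyTrust -IssuanceTransformRules replaces the whole rule
# set, so append to what is already there rather than overwriting it.
$trust = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $trust) { throw "Relying party trust '$rpName' not found." }
$existingRules = $trust.IssuanceTransformRules
if (-not $existingRules) { $existingRules = "" }

Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules ($existingRules + "`r`n" + $customAttributeRule)

# Confirm the rule landed on the trust.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

Two things worth knowing about the rule text: the `query` string is `";attribute;{0}"` with the first field empty because the template searches by the sAMAccountName carried in `{0}`, and several attributes can be fetched in one rule by listing them comma-separated in that middle field with a matching number of entries in `types`. Because this sends the attribute's value to the relying party in every token, confirm what the attribute actually holds for real users before choosing a claim type like Name that applications tend to display or trust as an identity.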
That’s how to create an ADFS claims rule for your Active Directory custom attribute. Deceptively easy. Hope this helps.