How to write an ADFS claims rule for a custom Active Directory attribute

I worked a case recently for a customer that wanted to pass a custom Active Directory attribute as a claim. It’s actually easy to do and does not require a custom claim rule, but the answer is less than obvious.

To create a new Issuance Transform Rule on the relying party trust, follow these steps:

Choose Add Rule

Use the Send LDAP Attributes as Claims template

[Screenshot: Capture1]

Name the rule and choose the Active Directory attribute store.

[Screenshot: Capture2]

Next, type the custom attribute name into the LDAP Attribute dropdown exactly as it appears in ADSI Edit or your favourite LDAP browser of choice, then press Enter.

[Screenshot: Capture3]

You will notice that if you now open the dropdown, the custom attribute has been saved towards the bottom of the list for future use.

[Screenshot: Capture4]

You can now map that attribute to any of the claim types built into ADFS – I happen to have chosen the “Name” claim type – and select Finish.

[Screenshot: Capture5]

That’s how to create an ADFS claims rule for your Active Directory custom attribute. Deceptively easy. Hope this helps.
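The same rule can be created from PowerShell, which is handy when you have several ADFS farms or relying party trusts to keep consistent. The script below is an added example and is not from the original post; it builds the rule text that the "Send LDAP Attributes as Claims" template generates and appends it to the trust's existing issuance transform rules. The relying party name (`Contoso Test App`) and the attribute name (`contosoEmployeeType`) are placeholders you must replace with your own values; the ADFS and ActiveDirectory PowerShell modules are assumed to be installed on the ADFS server you run this on.

```powershell
# Added example, not part of the original post: create a "Send LDAP Attributes as Claims"
# issuance transform rule from PowerShell rather than the ADFS Management console.
# Placeholders (replace with your own values):
#   $rpName   - display name of the relying party trust
#   $attrName - lDAPDisplayName of the custom attribute, exactly as shown in ADSI Edit
Import-Module ADFS
Import-Module ActiveDirectory

$rpName   = 'Contoso Test App'       # placeholder relying party trust name
$attrName = 'contosoEmployeeType'    # placeholder custom attribute name

# Check that the attribute is really defined in the AD schema under this exact name.
# A misspelled attribute does not error at rule creation time; the query simply
# returns nothing at sign-in and no claim is issued.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attrDef  = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$attrName))"
if (-not $attrDef) {
    throw "Attribute '$attrName' is not defined in the AD schema"
}

# Claim rule language for the "Send LDAP Attributes as Claims" template, mapping the
# attribute to the built-in Name claim type (the same choice made in the walkthrough above).
$nameClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
$newRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Send $attrName as Name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$nameClaim"), query = ";$attrName;{0}", param = c.Value);
"@

# Append to the existing rule set instead of replacing it, so other rules on the trust survive.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) {
    throw "Relying party trust '$rpName' not found"
}
$combinedRules = ($rp.IssuanceTransformRules, $newRule) -join "`r`n"
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combinedRules

# Show the resulting rule set so the change can be reviewed.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

The `query = ";attribute;{0}"` string is the part the console hides: the text between the semicolons is the LDAP attribute to read, and `{0}` is filled with the user's Windows account name from the incoming claim. Two things to check if the claim does not appear in a token: the attribute must be populated on the user object, and the account ADFS uses to query Active Directory must be able to read it. Attributes marked confidential in the schema are not readable by Authenticated Users, and ADFS then issues no claim rather than an error.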
