I am trying to create custom claim issuance transform rules using Regular Expressions which GETS a user's email address and sends just the email domain for that user. The SAML Service Provider is expecting the attribute name urn:oid:1.3.6.1.4.1.5923.1.1.1.7 in the urn:oasis:names:tc:SAML:2.0:attrname-format:uri nameFormat. However, the rule is not working. Below are details:
Starting possible values:
john.choe@students.someschool.edu
jchoe@someschool.edu
Desired value to be issued via claim:
students.someschool.edu
someschool.edu
Claim rules:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("urn:oid:1.3.6.1.4.1.5923.1.1.1.7"), query = "; mail;{0}", param = c.Value);
c:[Type == "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"]
=> issue(Type = c.Type, Value = RegExReplace(c.Value, "[^\n]*@", ""), Issuer = c.Issuer,
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
Any thoughts on what's wrong with my regex? RegExReplace(c.Value, "[^\n]*@", "") should be finding all chars before the @ and replacing them with an empty string.
Resources I used to create this rule:
AD FS 2.0: Using RegEx in the Claims Rule Language: http://social.technet.microsoft.com/wiki/contents/articles/16161.ad-fs-2-0-using-regex-in-the-claims-rule-language.aspx
Regular Expression Syntax: http://msdn.microsoft.com/en-US/library/ae5bf541(v=VS.80).aspx
Thanks in advance for any help you may be able to provide.
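As a check on the regex itself, here is an added PowerShell example (not code from the post): it runs the posted pattern through the .NET regex engine that AD FS uses for RegExReplace, on the two addresses from the post plus two constructed malformed values, and then shows a tightened pair of rules that only issue the claim when the mail value is well formed. The helper name Get-MailDomain, the relying-party name "SP-App" and the two malformed sample values are assumptions. If the helper returns the domain for the two good addresses, the pattern is doing what the post expects and the failure lies elsewhere in the rule set.

```powershell
# Added example; not code from the original post. RegExReplace in the claims rule
# language is a .NET Regex.Replace with the given replacement, so [regex]::Replace
# here produces exactly what the rule will produce. The helper name, the "SP-App"
# relying party name and the two malformed sample values are assumptions.

function Get-MailDomain {
    param(
        [Parameter(Mandatory = $true)] [AllowEmptyString()] [string] $Mail,
        # Pattern exactly as written in the posted rule
        [string] $Pattern = '[^\n]*@'
    )
    # Greedy match from the start of the value up to the last '@', replaced by nothing.
    # If the value has no '@' there is no match and the value comes back unchanged.
    return [regex]::Replace($Mail, $Pattern, '')
}

# Two values from the post, plus two constructed malformed values that the posted
# rule would issue unchanged (no '@' means nothing is stripped).
$samples = @(
    'john.choe@students.someschool.edu',
    'jchoe@someschool.edu',
    'no-at-sign',
    ''
)

foreach ($mail in $samples) {
    '{0,-35} -> "{1}"' -f $mail, (Get-MailDomain -Mail $mail)
}

# Tightened version of the two rules: the second rule fires only when the value
# contains exactly one '@' with text on both sides, so a malformed mail attribute
# is dropped instead of being sent to the service provider. (Value =~ is the claims
# rule language's regex-match operator.) The pattern avoids backslash escapes so
# there is no question of how the rule parser treats them.
$rules = @'
@RuleName = "Fetch mail from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("urn:oid:1.3.6.1.4.1.5923.1.1.1.7"), query = ";mail;{0}", param = c.Value);

@RuleName = "Issue mail domain only"
c:[Type == "urn:oid:1.3.6.1.4.1.5923.1.1.1.7", Value =~ "^[^@]+@[^@]+$"]
 => issue(Type = c.Type, Value = RegExReplace(c.Value, "^[^@]+@", ""), Issuer = c.Issuer,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
'@

# Apply to the relying party trust (assumed name "SP-App"). Uncomment on the AD FS
# server; on AD FS 2.0 load the snap-in first: Add-PSSnapin Microsoft.Adfs.PowerShell
# Set-AdfsRelyingPartyTrust -TargetName 'SP-App' -IssuanceTransformRules $rules
```

The regex test runs on any machine with PowerShell; only the commented Set-AdfsRelyingPartyTrust line needs an AD FS server. The Value =~ guard matters in practice: with the posted rule, an account whose mail attribute is empty or malformed would have that raw value issued in the claim, whereas the guarded rule issues nothing for it.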