Hi
I have created the custom rules below for our external vendor; however, the vendor says that no attribute is showing up in the SAML.
Also, one more attribute called "programSponsorID" has to be passed, for which I have created the custom rule "=> issue(Type = "ClientID", Value = "19041");", after which the SAML showed only the "programSponsorID" attribute.

Rule-1-Retrieve data from domain1
============
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] && c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Value =~ "^S-1-5-21-565340280-3634756063-3263756308"] => add(store = "AD", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";extensionattribute1;{0}", param = regexreplace(c.Value, "(?<domain>[^@]+)\\(?<user>[^@]+)", "${domain}.local\${user}"));
-----------------------------------------
Rule-2-Verify claims from domain1
NOT exists([Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]) => add(Type = "NameIDNotFound", Value = "NameIDNotFoundinLoyalty");
-------------------------------------------------
Rule-3-Retrieve Claim from domain2
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
&& c1:[Type == "NameIDNotFound", Value == "NameIDNotFoundinLoyalty"]
&& c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Value =~ "^SID"]
=> add(store = "AD", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";employeeID;{0}", param = c.Value);
--------------------------------------------
Rule-4-Verify claims from domain2
NOT exists([Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"])
=> add(Type = "NameIDNotFound", Value = "NameIDNotFoundinAllData");
--------------------------------------------
Rule-5-Retrieve Claim from domain3
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
&& c1:[Type == "NameIDNotFound", Value == "NameIDNotFoundinAllData"]
&& c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Value =~ "^SID"]
=> add(store = "AD", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";employeeID;{0}", param = c.Value);
--------------------------------------------------------------------
Rule-6-Verify claims from Domain3
NOT exists([Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"])
=> add(Type = "NameIDNotFound", Value = "NameIDNotFoundinADSCorp");
--------------------------------------------
Rule-7-Retrieve Claim from domain4
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
&& c1:[Type == "NameIDNotFound", Value == "NameIDNotFoundinADSCorp"]
&& c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Value =~ "^SID"]
=> add(store = "EpsilonLDAP", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = "sAMAccountName={0};employeeNumber", param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)","${user}"));
----------------------------------------------
Rule-8-Issue NameID Claim
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
=> issue(claim = c);
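
An added illustration, not part of the original post and not AD FS code: a simplified Python model of how the rule chain above is evaluated, showing that `add` only feeds later rules while `issue` is what reaches the token, and that a `nameidentifier` claim is carried as the SAML Subject NameID rather than as an attribute. The store contents, the account name `CORP\jdoe` and the function names are constructed, and the primarysid conditions are assumed to match.

```python
# Simplified model of AD FS issuance-rule evaluation (illustration, not AD FS code).
NAMEID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
WINACCT = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
# Marker values written by the "Verify" rules 2, 4 and 6 in the post.
MARKERS = ["NameIDNotFoundinLoyalty", "NameIDNotFoundinAllData", "NameIDNotFoundinADSCorp"]


def run_rules(account, stores, static_claim=None):
    """Evaluate rules 1-8 in order; return (input_set, output_set).

    stores: four dicts of constructed data (account -> attribute value) standing
    in for the attribute-store queries of rules 1, 3, 5 and 7. The primarysid
    conditions are assumed to match.
    """
    inp = {(WINACCT, account)}  # claims that later rules can match on
    out = set()                 # claims that reach the token
    for i, store in enumerate(stores):
        # Retrieve rule: rule 1 is unconditional, later ones need the previous marker.
        armed = i == 0 or ("NameIDNotFound", MARKERS[i - 1]) in inp
        if armed and account in store:
            inp.add((NAMEID, store[account]))        # add(): input set only
        # Verify rule: NOT exists(nameidentifier) => add(marker).
        if i < len(MARKERS) and not any(t == NAMEID for t, _ in inp):
            inp.add(("NameIDNotFound", MARKERS[i]))  # add(): input set only
    out |= {c for c in inp if c[0] == NAMEID}        # rule 8: issue(claim = c)
    if static_claim:                                 # extra rule: => issue(Type, Value)
        inp.add(static_claim)
        out.add(static_claim)
    return inp, out


def saml_view(out):
    """Split issued claims the way a SAML 2.0 assertion carries them."""
    name_id = next((v for t, v in out if t == NAMEID), None)  # Subject/NameID
    attributes = {t: v for t, v in out if t != NAMEID}        # AttributeStatement
    return {"NameID": name_id, "Attributes": attributes}


# Constructed sample data: the user exists only in the third store.
STORES = [{}, {}, {r"CORP\jdoe": "E1001"}, {}]

if __name__ == "__main__":
    for static in (None, ("ClientID", "19041")):
        inp, out = run_rules(r"CORP\jdoe", STORES, static)
        markers = sorted(v for t, v in inp if t == "NameIDNotFound")
        print(saml_view(out), "| markers left in input set:", markers)
```
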