Channel: Claims based access platform (CBA), code-named Geneva forum

ADFS rules to permit based on group always denies

The following rules always return a RequestDenied regardless of group membership and I cannot figure out why. However, if I permit all users, the response comes through as expected.

Transform Rules

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-154865993-911430437-929701000-56327", Issuer == "AD AUTHORITY"]
 => issue(Type = "PermitAccess", Value = "1", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";sAMAccountName,givenName,sn,mail;{0}", param = c.Value);

Authorization Rules

c:[Type == "PermitAccess", Value == "1"] => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");


~Preston
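
Added example, not part of the original post: AD FS evaluates a relying party's issuance authorization rules against the incoming claims before its issuance transform rules run, so a claim issued by a transform rule is not present when the authorization rule is evaluated. The sketch below authorizes on the group SID claim directly; the relying party trust name is a placeholder.

```powershell
# Added example. The trust name is a placeholder, not a value from the post.
$rpName = "<relying-party-trust-name>"

# Authorization rule keyed on the group SID claim itself (SID taken from the post),
# instead of on a "PermitAccess" claim produced later by the transform rules.
$authzRules = @'
@RuleName = "Permit members of the allowed group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-154865993-911430437-929701000-56327", Issuer == "AD AUTHORITY"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Replace the relying party's issuance authorization rule set.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $authzRules

# Read the rules back to confirm what is now in effect.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

With the authorization decision made here, the "PermitAccess" transform rule is no longer needed for access control; the Active Directory attribute lookup rule can stay in the transform rule set unchanged.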