Channel: Claims based access platform (CBA), code-named Geneva forum

How do I make claim issuance rules (rule groups) work for Azure AD to ADFS integration?


Hello.

I have a WIF-aware application (locally hosted on IIS on a Win2012 server) protected by locally hosted ADFS 3.0. I want to use Azure AD as a source of users for my application. That is, when users try to access the application URL, they must be redirected to ADFS and from there to Azure ACS for authentication.

First of all, I have obtained an Azure subscription. I have created an Azure AD instance and a namespace and also added some users to this namespace. On the AD page I clicked on the "Applications" link and registered my ADFS as an application (provided application ID http://myadfs.domain.local and sign-on URL https://myadfs.domain.local/adfs/ls/).

Then I went to the ACS management console for my namespace and verified that I am using Windows ID as my only IdP.

I have registered my ADFS as a Relying Party application in the ACS console by importing the metadata XML. I have verified that this RP is configured to use Windows ID as an IdP.

Then I went to the Rule groups section and selected the claim types that I want to be sent by ACS to ADFS.

Finally, I went to the ADFS management console and configured a new Claims Provider by importing the ACS metadata (https://login.windows.net/DIRECTORY_CODE/federationmetadata/2007-06/federationmetadata.xml) and then configured claim rules to match the rule groups.

However, when I tried to log in to my application, I noticed that the SAML assertions sent by ACS to ADFS contain only standard claim types, such as tenantid, objectidentifier etc. There were no claims that I had configured in the rule groups!

So my question is: what am I doing wrong? How do I make ADFS send, for example, Windows Account Name, NameID or email in the SAML assertions?
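As an added example (not code from the post above), this is the ADFS 3.0 side of the setup the post describes, done with the ADFS PowerShell module instead of the management console: acceptance rules on the claims provider trust created from the ACS metadata, and issuance rules on the relying party trust for the WIF application. The trust names "ACS" and "MyApp" are assumptions; the claim type URIs are the standard ones. Pass-through rules only forward claims that actually arrive in the ACS token, so a claim type that ACS never issues will still be missing on the application side.

```powershell
# Added example, not from the post. Assumed names: claims provider trust "ACS"
# (created from the ACS federation metadata) and relying party trust "MyApp"
# (the WIF-aware application). Run in an elevated ADFS PowerShell session.
Import-Module ADFS

# Acceptance transform rules on the claims provider trust. Each claim type that
# should be accepted from ACS is listed explicitly; a wildcard rule such as
# "c:[] => issue(claim = c);" would also let through any claim the external IdP
# chooses to send, so listing types keeps the trust to what the app needs.
$acceptanceRules = @'
@RuleName = "Pass through e-mail address from ACS"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);

@RuleName = "Pass through name identifier from ACS"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => issue(claim = c);

@RuleName = "Pass through Windows account name from ACS"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(claim = c);
'@
Set-AdfsClaimsProviderTrust -TargetName "ACS" -AcceptanceTransformRules $acceptanceRules

# Issuance transform rules on the relying party trust. ADFS sends a claim to the
# application only if a rule here issues it, even when it was accepted from ACS.
$issuanceRules = @'
@RuleName = "Send e-mail address to the application"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);

@RuleName = "Send name identifier to the application"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => issue(claim = c);

@RuleName = "Send Windows account name to the application"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(claim = c);
'@
Set-AdfsRelyingPartyTrust -TargetName "MyApp" -IssuanceTransformRules $issuanceRules

# Check: show the rule sets ADFS actually stored on both trusts.
(Get-AdfsClaimsProviderTrust -Name "ACS").AcceptanceTransformRules
(Get-AdfsRelyingPartyTrust -Name "MyApp").IssuanceTransformRules
```

If a claim is still absent at the application after both rule sets are in place, the next thing to confirm is whether it is present in the token ACS sends to ADFS at all, since these rules cannot create claims that the claims provider did not issue.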
