All - I am very new to Adfs.
I need to have the lastPwdSet attribute from AD passed back to the SharePoint relying party. This information is required to be able to display an information icon to users who have a password that will soon be expiring.
Please help me in fixing this issue. I am not sure where i am wrong and what i am doing wrong.
I perform the following Steps but not getting the Desired Results.
ADFS 2.0
- Adding a new claim description to Adfs 2.0 under claim description
- Adding Claim Type = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/pwdLastSet
- Add a Trusted Relying Party (RP)
- Enter data about the relying party manually
- Edit Claim Rules for SharePoint Server
- Add Rule
- Send LDAP Attributes as Claims
- Claim Rule
- Name: PwdLastSet
- Attribute Store: Active Directory
- LDAP Attribute: PwdLastSet
- Outgoing Claim Type: PwdLastSet
Configure SharePoint to Use the Claim
- Open PowerShell Window
- Make sure that certificate is there on the ‘Trusted Root Certification Authorities’ (It was already there so just make sure)
- Add the PowerShell script highlighted below
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\ps\adfsconfig\adfssigning.cer") $map = New-SPClaimTypeMapping "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/pwdLastSet" -IncomingClaimTypeDisplayName "pwdLastSet" -SameAsIncoming $realm = "urn:tmp-shp:adfs" $signinurl = "https://AD01.dev.nets/adfs/ls/" $claimsmap = $email,$role,$givenNameClaim,$surnameClaim,$objectGuidClaim,$employeeTypeClaim,$pwdLastSetClaim $ap = New-SPTrustedIdentityTokenIssuer -Name “ADFS 2.0″ -Description “ADFS 2.0 Federated Server” -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType Add-SPTrustedRootAuthority -Name "ADFSTokenSigningCertificate" -Certificate $cert
|
Thanks - Ad