Hi,
I am working on a solution where I want to query AD LDS using the email address and send the Employee ID as a claim.
My requirement is to use the email address attribute value from the user's AD account as the query value in AD LDS. Ideally it uses the Windows account name. I verified this by checking Event Viewer and using "Send LDAP Attributes as Claims".
So in short, the AD account and the AD LDS account have the same email attribute value. AD LDS does not have a sAMAccountName attribute. I tried the claim rule below, but it doesn't create or generate a claim. I used Fiddler and can see that the SAML response is getting created, but the Subject part does not have a NameID.
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Issuer == "AD AUTHORITY"]
=> issue(store = "LDS", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/employeeID"), query = "mail={0};employeeID", param = c.Value);
NOTE: If I use "Send LDAP Attributes as Claims" this works, since there I am using Active Directory as the store and it uses the Windows account name, i.e. sAMAccountName, as the query value.
Any inputs will be highly appreciated.
Regards,
Avis
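As an added illustration (not part of the post above), the following models how a custom attribute store processes the rule's `mail={0};employeeID` query: split the `filter;attributes` string, substitute the claim value into `{0}`, and look up the requested attributes. It assumes "LDS" is a custom LDAP-style store and runs against a constructed in-memory directory; the RFC 4515 escaping of the substituted value is the step any such store must include so that a user-controlled attribute like an email address is matched literally rather than interpreted as filter syntax.

```python
import re

# RFC 4515 escapes for characters that carry meaning inside an LDAP filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample AD LDS entries (not real data); note there is no sAMAccountName.
LDS_ENTRIES = [
    {"mail": "avis@example.com", "employeeID": "E1001"},
    {"mail": "bob@example.com", "employeeID": "E1002"},
    {"mail": "carol@example.com", "employeeID": "E1003"},
]
QUERY = "mail={0};employeeID"  # the query string from the claim rule in the post


def escape_filter_value(value: str) -> str:
    """Escape a claim value so it is matched literally, never as filter syntax."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def build_query(query: str, param: str, escape: bool = True) -> tuple[str, list[str]]:
    """Split 'filter;attr1,attr2', substitute {0} and return (ldap_filter, attributes)."""
    filter_tmpl, attrs = query.split(";", 1)
    value = escape_filter_value(param) if escape else param
    ldap_filter = filter_tmpl.replace("{0}", value)
    if not ldap_filter.startswith("("):
        ldap_filter = f"({ldap_filter})"
    return ldap_filter, [a.strip() for a in attrs.split(",")]


def _unescape(segment: str) -> str:
    """Turn \\XX hex escapes back into the literal characters they encode."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), segment)


def lookup(directory: list[dict], query: str, param: str, escape: bool = True) -> list[dict]:
    """Evaluate a simple (attr=value) filter over the in-memory directory.

    An unescaped '*' acts as a wildcard, as it does on a real LDAP server, which is
    why escaping matters when the substituted value comes from a user attribute.
    """
    ldap_filter, attrs = build_query(query, param, escape)
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("this example only evaluates simple (attr=value) filters")
    attr, pattern = m.group(1), m.group(2)
    parts = [re.escape(_unescape(p)) for p in pattern.split("*")]  # only raw '*' splits
    rx = re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)
    return [{a: e.get(a) for a in attrs} for e in directory if rx.match(e.get(attr, ""))]


if __name__ == "__main__":
    print(lookup(LDS_ENTRIES, QUERY, "avis@example.com"))             # one employeeID
    print(lookup(LDS_ENTRIES, QUERY, "*@example.com"))                # [] : '*' escaped
    print(lookup(LDS_ENTRIES, QUERY, "*@example.com", escape=False))  # all three entries
```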