I have an ADFS trust between ADFS and "Entrust GetAccess" and need to grant external users access to a SharePoint portal. The SAML token contains two claims, "email" and "groups". The "email" claim is working fine; the "groups" claim submits all groups in distinguished-name format, separated by a ";" (e.g. "cn=ADFS-Test-Group,ou=ADFS-Test,ou=GROUPS,ou=GLOBAL,o=Client-Partners,c=com;cn=Users=GROUPS,ou=GLOBAL,o=EON-Partners,c=de").
I have the following claim rule:
c:[Type == "groupsADFS", Value =~ "(?i)ADFS-Test-Group"] => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = "adfs-getaccess-inbound");
Question: Have I written my claim rule correctly, so that it will check if the name "ADFS-Test-Group" exists in the received claim and will transform it to a role claim with the value "adfs-getaccess-inbound"? I keep getting access denied and am unsure what might be the root cause.
Mark
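An added Python illustration, not part of Mark's post or of ADFS itself, of what the `=~` regex in a rule like the one above accepts when the whole ";"-joined groups value is one claim, placed next to an exact cn match that only accepts the named group; the sample claim value is constructed from the DN format described in the post.

```python
import re

# Constructed sample of an inbound "groups" claim value in the ";"-separated
# distinguished-name format described above (the -Readers group is invented
# to show what a substring regex also accepts).
SAMPLE_GROUPS_CLAIM = (
    "cn=ADFS-Test-Group,ou=ADFS-Test,ou=GROUPS,ou=GLOBAL,o=Client-Partners,c=com;"
    "cn=ADFS-Test-Group-Readers,ou=ADFS-Test,ou=GROUPS,ou=GLOBAL,o=Client-Partners,c=com;"
    "cn=Users,ou=GROUPS,ou=GLOBAL,o=EON-Partners,c=de"
)

ROLE_TYPE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
ROLE_VALUE = "adfs-getaccess-inbound"


def split_dns(claim_value):
    """Split the ';'-joined claim value into individual DN strings."""
    return [dn.strip() for dn in claim_value.split(";") if dn.strip()]


def cn_of(dn):
    """Return the value of the first cn= RDN in a DN, or None if absent."""
    for rdn in dn.split(","):
        key, _, value = rdn.partition("=")
        if key.strip().lower() == "cn":
            return value.strip()
    return None


def regex_match_rule(claim_value, pattern):
    """Model the rule's '=~' test: one regex search over the whole value.
    Returns the (type, value) role claim it would issue, or None."""
    if re.search(pattern, claim_value):
        return (ROLE_TYPE, ROLE_VALUE)
    return None


def matching_cns(claim_value, pattern):
    """Audit helper: list every group cn the regex would accept."""
    return [cn_of(dn) for dn in split_dns(claim_value) if re.search(pattern, dn)]


def exact_cn_rule(claim_value, group_cn):
    """Stricter check: issue the role only when some DN's cn equals group_cn
    (case-insensitively), so similarly named groups are not accepted."""
    for dn in split_dns(claim_value):
        cn = cn_of(dn)
        if cn is not None and cn.lower() == group_cn.lower():
            return (ROLE_TYPE, ROLE_VALUE)
    return None
```

`matching_cns` is the quick way to see which groups a given pattern really matches before relying on it for authorization.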