Hi all,
I'm new to ADFS & SAML and trying to work my way through an implementation. I know that my organisation will be the IdP, and I have some info about the SP's endpoint and claim requirements.
What I'm struggling with is creating a custom claim rule. I don't really want to learn another Microsoft language just for this so I'm hoping someone can steer me in the right direction.
My questions are:
- Creating a claim description: does the URI do anything? I believe I need to create a claim description for the AD attribute EmployeeID, but what do I use for the schema? I've seen references to http://.../test etc., but is this valid?
- Creating a custom claims rule: I've tried custom rules I've found searching:
Link1 - http://social.msdn.microsoft.com/Forums/vstudio/en-US/cc7c5271-a23d-4afb-a083-79fb07841cd9/some-help-with-using-employee-id-as-a-claim?forum=Geneva
Link2 - http://social.msdn.microsoft.com/Forums/vstudio/en-US/74e8a7bf-d659-4c83-b079-0cefceb7f538/adfs-custom-claim?forum=Geneva
...but they aren't accepted when I copy and modify them for EmployeeID. What I need is a rule that accepts any authenticated user (hoping for intranet integrated authentication), pulls their AD employeeID attribute, prepends the employeeID with a value (for this example, let's call it "abcd") and sends that as the "Name" entity in the claim.
- What URL do we give users to connect to that initiates the IdP claim to the SP? I've seen the URL https://adfs.server/adfs/ls/IdpInitiatedSignon.aspx ...and that my Relying Trust entity is in there... but is there a way to make this automated when the user selects an entry? Is this the RelayState feature I've seen referenced?
Thanks in advance!
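Added example (not from the original poster or any reply): a claim rule set in the AD FS claim rule language that does what the question describes, applied with the AD FS PowerShell cmdlets. It assumes an AD FS 2.x or later server, a relying party trust already created with the display name "Example SP", users with the AD employeeID attribute populated, and a Windows-authenticated (intranet) user; the claim type URI http://example.org/claims/employeeid is an arbitrary identifier chosen for the temporary claim, and every name here is a placeholder.

```powershell
# Added example, not from the original post. Assumptions: AD FS 2.x/3.x,
# a relying party trust named "Example SP", AD attribute employeeID populated,
# Windows-authenticated users. All names and URIs are placeholders.

# Rule 1: for a Windows-authenticated user AD FS already holds a
# windowsaccountname claim issued by "AD AUTHORITY". Use it to query the
# Active Directory attribute store for employeeID and ADD the value to the
# pipeline as a temporary claim. add() does not send anything to the SP.
# Rule 2: read that temporary claim, prepend "abcd" and ISSUE it as the
# standard Name claim, which is what reaches the SP.
$rules = @'
@RuleName = "Fetch employeeID into a temporary claim"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://example.org/claims/employeeid"), query = ";employeeID;{0}", param = c.Value);

@RuleName = "Issue Name as abcd + employeeID"
c:[Type == "http://example.org/claims/employeeid"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", Value = "abcd" + c.Value);
'@
# If the SP expects the value as the SAML NameID rather than a Name attribute,
# issue the nameidentifier claim type
# (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier) instead.

Import-Module ADFS   # AD FS 2.0: Add-PSSnapin Microsoft.Adfs.PowerShell instead

# Replace the issuance transform rules of the trust with the set above.
Set-AdfsRelyingPartyTrust -TargetName "Example SP" -IssuanceTransformRules $rules

# Check what AD FS stored; the text should match $rules.
(Get-AdfsRelyingPartyTrust -Name "Example SP").IssuanceTransformRules

# IdP-initiated sign-on URL that skips the relying-party picker: loginToRp
# carries the RP identifier (its entity ID), URL-encoded. Assumes the first
# identifier on the trust is the one the SP uses.
$rpId = (Get-AdfsRelyingPartyTrust -Name "Example SP").Identifier | Select-Object -First 1
$url  = "https://adfs.server/adfs/ls/IdpInitiatedSignon.aspx?loginToRp=" + [uri]::EscapeDataString($rpId)
$url
```

A custom rule is still needed only when the value has to be transformed; a plain "Send LDAP Attributes as Claims" rule would send employeeID unchanged, and it is the "abcd" prefix that forces the two-step add/issue form. Test the result against a user whose employeeID is empty, since rule 1 then adds nothing and rule 2 issues no Name claim at all.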