SAML Claim Transformation

Martin Thomas Duffy 1 Reputation point
2022-03-07T22:04:48.017+00:00

I have a claim for the employeeId that I need to send in a SAML Response that is stored in the user's Azure account as a string. The maximum length is 8 characters. The stored values can be between 4-8 characters. If the employeeId is 4444 for example the value that needs to be sent in the claim needs to be 00004444. If the stored value is 666666 the claim needs to be 00666666. So the claim value sent in the SAML Response needs to be padded with zeros up to 8 characters. The transformations that are provided by the Azure Portal cannot do this sort of transformation. Can I use PowerShell to programmatically do this? This would be an example of the code I currently use with another Identity Provider. It is JavaScript. Can I do something similar with PowerShell?

function main(P1) {
    return ssoid(P1);
}

function ssoid(attribute) {
    var result = '';
    if (attribute.length == 6) {
        result = '00' + attribute;
    }
    else if (attribute.length == 7) {
        result = '0' + attribute;
    }
    else if (attribute.length == 5) {
        result = '000' + attribute;
    }
    else if (attribute.length == 4) {
        result = '0000' + attribute;
    }
    else if (attribute.length == 3) {
        result = '00000' + attribute;
    }
    else {
        result = attribute;
    }
    return result;
}


1 answer

  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2022-03-11T00:12:23.083+00:00

    Hi @Martin Thomas Duffy ,

    I understand that you are hoping to return the string padded with zeroes up to 8 characters. PowerShell has the built-in PadLeft method that you can use to accomplish this. I wrote and tested this function and it worked to do what you were hoping to accomplish:

    function formatAccountString ($str) {
        return $str.PadLeft(8, '0')
    }
    

    Here is the result using 4444:

    [Image: 182073-image.png]

    Let me know if this helps.

    -

    If this answer helped resolve your question, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.
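
A stricter variant of the padding step, added here as an example and not part of the original question or answer: both the JavaScript `else` branch and a bare `PadLeft` return out-of-range values unchanged, whereas this version rejects anything outside the stated 4-8 character range so a malformed identifier never reaches the claim. The function name `Format-EmployeeId`, its parameters, the digits-only rule and the sample values are assumptions made for illustration.

```powershell
# Added example: strict normalisation of an employeeId before it is used as a claim value.
# Format-EmployeeId is a hypothetical helper, not an Entra ID or Microsoft Graph cmdlet.
function Format-EmployeeId {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$EmployeeId,

        [int]$Width = 8,      # final claim length stated in the question
        [int]$MinLength = 4   # shortest stored value stated in the question
    )
    process {
        # Stray whitespace would otherwise count toward the length and survive into the claim.
        $id = $EmployeeId.Trim()

        # Stored values are said to be 4-8 characters; anything else is a data problem
        # and should fail loudly rather than be emitted unchanged.
        if ($id.Length -lt $MinLength -or $id.Length -gt $Width) {
            throw "employeeId '$id' has length $($id.Length); expected $MinLength-$Width"
        }
        # Assumption: IDs are ASCII digits (the question only shows numeric examples).
        if ($id -notmatch '^[0-9]+$') {
            throw "employeeId '$id' contains non-digit characters"
        }
        $id.PadLeft($Width, '0')
    }
}

# Constructed sample input: three valid values, one with whitespace, three invalid.
foreach ($raw in '4444', '666666', '12345678', ' 55555 ', '123', '123456789', '44a4') {
    try   { '{0,-12} -> {1}' -f "'$raw'", (Format-EmployeeId $raw) }
    catch { '{0,-12} -> rejected: {1}' -f "'$raw'", $_.Exception.Message }
}
```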