ADFS 4.0, Federated with external IDP
Scenario:
ADFS at Forest root domain Root.local
Federated with external IDP sending NameID to ADFS
At ADFS, a claims provider trust is created and passes NameID through
At child domain A.root.local we created a shadow account to match the NameID sent from the external IDP
A SAML 2.0 app is onboarded at ADFS but uses a security group as Role at child domain A.root.local (domain NetBIOS name A)
The external IDP successfully sends NameID to ADFS for login. The question is: how do I transform that NameID from the external IDP to add A\NameID or nameID@a.root.local so it will query the security group at the child domain to send as Role?
I am trying to add the domain NetBIOS name A to NameID in the format A\NameID for the store, and have another rule look up the security group at the child domain to send as Role.
Thanks
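One way to express this as ADFS issuance transform rules, as an added example that is not part of the original post: the relying party trust name "SAML App" is a placeholder, the NetBIOS name A and the shadow-account setup come from the post, and it is assumed the ADFS service account can read group membership of the shadow accounts in A.root.local.

```powershell
# Added example (not from the original post). Run in the AD FS PowerShell
# module on the ADFS server. Assumptions: relying party trust named
# "SAML App" (placeholder), child-domain NetBIOS name "A" as in the post,
# ADFS service account allowed to read tokenGroups of the shadow accounts.
# Backslash handling inside the claim rule string literal is an assumption;
# confirm it in the ADFS claim rule editor.

$rpName = "SAML App"   # placeholder: name of the SAML 2.0 relying party trust

# Single-quoted here-string so PowerShell leaves the rule text untouched.
$rules = @'
@RuleName = "Map external NameID to shadow account A\NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => add(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
        Value = "A\" + c.Value);

@RuleName = "Look up child-domain security groups and issue them as Role"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(store = "Active Directory",
          types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
          query = ";tokenGroups;{0}",
          param = c.Value);

@RuleName = "Pass NameID through to the application"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => issue(claim = c);
'@

# add() keeps the A\NameID claim in the pipeline without emitting it in the
# token; only the Role and NameID claims reach the SAML application.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Verify what was stored on the trust.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

The first rule depends on the claims provider trust already passing the NameID claim through, as the post describes; if the application should receive only the one group it uses, a further rule filtering the Role claim by value can be added.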