ADFS Claim to convert values to lower case

MrET-7389 96 Reputation points
2020-05-20T09:16:26.783+00:00

Hi!
We are currently using this claim rule but we need to change the attribute mail to lower case

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"http://schemas.xmlsoap.org/claims/Group"),
query = ";mail,givenName,sn,tokenGroups;{0}", param = c.Value);

I found this article
https://social.technet.microsoft.com/Forums/windowsserver/en-US/109a226d-b9c5-47b4-98ab-2d9e6446b1e4/adfs-claim-to-convert-user-id-to-uppercase?forum=ADFS

But I don't understand how to apply this to our current claim rule?

Regards ET

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("temp_email"), query = ";mail;{0}", param = c.Value);
c:[Type == "temp_email"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(c.Value, "a", "A"), "b", "B"), "c", "C"), "d", "D"), "e", "E"), "f", "F"), "g", "G"), "h", "H"), "i", "I"), "j", "J"), "k", "K"), "l", "L"), "m", "M"), "n", "N"), "o", "O"), "p", "P"), "q", "Q"), "r", "R"), "s", "S"), "t", "T"), "u", "U"), "v", "V"), "w", "W"), "x", "X"), "y", "Y"), "z", "Z"));

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,030 questions
0 comments No comments
{count} votes

Accepted answer
  1. MrET-7389 96 Reputation points
    2020-05-20T12:03:00.807+00:00

    Solved it by creating three separate rules

    Rule name 1: 1_email_to_lower_case

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active Directory", types = ("email_lower_case"), query = ";mail;{0}", param = c.Value);

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. MrET-7389 96 Reputation points
    2020-05-20T12:07:55.92+00:00

    3_claims c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/claims/Group"), query = ";givenName,sn,tokenGroups;{0}", param = c.Value);

    0 comments No comments