ADFS Group membership Claim

Hi All,
We have ADFS 3.0 and we have a relying party trust where we are sending the user's group membership as a claim. The rule details are provided below and it works fine for users of our Test Domain.
Now we have certain users which are part of a trusted Domain and they are added to some local groups in our Domain. We have checked the claim, but not all group memberships for those users are coming. Only the group membership from the user's Domain is reflected, but not the trusted Domain.
Is there a way to achieve it?
Rule:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("groups"), query = ";memberOf;{0}", param = c.Value);

1 answer

Vahid Ghafarpour 18,210 Reputation points
2023-08-27T06:06:10.8866667+00:00
The rule you've provided is used to add group membership claims to users based on the http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname claim. This rule queries Active Directory for the groups a user is a member of and adds those groups as claims.
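As an added example (not code from the question or the answer), the PowerShell below applies the rule from the question together with an issue rule, prints the rule set that ends up on the trust, and lists the memberOf attribute that the ";memberOf;{0}" query reads for one user, so the attribute value can be compared with the claims the relying party actually receives. The trust name, user name and domain are placeholders.

```powershell
# Added example, not from the question or the answer.
# Placeholders: relying party trust name, a sample user in DOMAIN\user form.
Import-Module ADFS
Import-Module ActiveDirectory

$rpName   = 'Example RP'      # placeholder relying party trust display name
$userName = 'CORP\jdoe'       # placeholder windowsaccountname value

# The rule from the question uses add(), which only places the group claims in
# the pipeline for later rules; a second rule with issue() is what actually
# sends them to the relying party.
$rules = @'
@RuleName = "Add AD group membership to the pipeline"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("groups"), query = ";memberOf;{0}", param = c.Value);

@RuleName = "Issue pipeline groups as Group claims"
c:[Type == "groups"]
 => issue(Type = "http://schemas.xmlsoap.org/claims/Group", Value = c.Value);
'@

Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Review what is now configured on the trust (what an auditor would look at).
Write-Host "Issuance transform rules on '$rpName':"
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules

# The query reads the user's memberOf attribute from the user's own domain.
# Listing that attribute directly shows exactly what the attribute store
# will hand back for this user, group by group.
$domain, $sam = $userName.Split('\')
$user = Get-ADUser -Identity $sam -Server $domain -Properties memberOf
Write-Host "memberOf for $userName (as returned by $domain):"
$user.memberOf | Sort-Object
```

Run on the ADFS server with an account that can administer the trust and read the user object; any group missing from the memberOf listing cannot appear as a claim from this rule.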