SkipHofmann-5788 asked sikumars answered

Duplicate ADFS claims in Azure

Hello
First time working with SAML. Can you please help me understand how to duplicate the below claims from ADFS in Azure?
137485-image.png


azure-ad-saml-sso

Hi, we are investigating your issue and will update you shortly.

Best,
James

SkipHofmann-5788 answered

Okay, thank you

JamesHamil-MSFT answered

Hi @SkipHofmann-5788, I saw that you posted a very similar question here last week: https://docs.microsoft.com/en-us/answers/questions/563987/how-to-duplicate-claim-in-azure-enterprise-apps.html

Did this answer not solve your question? Or was there something else you needed? Please let me know and I can help you further.

Best,
James

SkipHofmann-5788 answered

Looking for guidance on how to configure the claim rule in Azure. The provided answer didn't mention how to create the same claim rule in Azure.

sikumars answered

Hello @SkipHofmann-5788,

I did a repro in my lab and here are my findings.

The following attributes (user.mail, user.displayname, user.givenname & user.surname) of users get synchronized when you have an Azure AD hybrid setup in place (here is the list of attributes that are synchronized to Azure AD), so configuring additional claims would be straightforward, except for the custom attribute "UMassISISD", which needs additional configuration as explained below.


Steps to create claims to send the following attributes (user.mail, user.displayname, user.givenname & user.surname)


Click on Add new claim from SAML-based Sign-on, select the appropriate "Source attribute", and also type in the "Namespace" as shown below:

145775-image.png

Steps to create claims to send a custom attribute like "UMassISISD" as NameID


Firstly, you need to perform directory extensions, as explained here, to extend the schema in Azure Active Directory (Azure AD) with your own attributes (like "UMassISISD") from on-premises Active Directory.

Once that has completed, you must see your own custom attribute in extension format, like extension_1234xxxxxxxxxx789_UMassISISD, in the source attribute drop-down, as shown below, when you configure the NameID format. To know more about the NameID format and supported attributes, refer to this guidance. Hope this helps.


145852-image.png




Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
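One way to confirm that the claims configured above actually reach the application is to inspect the assertion from a test sign-in. This is an added example, not code from the thread or from Microsoft; the claim URIs in `EXPECTED`, the names `audit_assertion` and `_attr`, and the sample assertion are assumptions to be replaced with the claim names your ADFS rule issued.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
MS = "http://schemas.microsoft.com/identity/claims/"

# Assumed claim names -> Azure AD source attribute. Replace the keys with the
# claim names your ADFS rule issued (the thread's screenshots are not shown).
EXPECTED = {
    CLAIMS + "emailaddress": "user.mail",
    CLAIMS + "givenname": "user.givenname",
    CLAIMS + "surname": "user.surname",
    MS + "displayname": "user.displayname",
}

def audit_assertion(xml_text, expected=EXPECTED):
    """Config check only (signature NOT verified): report missing/empty claims."""
    root = ET.fromstring(xml_text)  # parse only assertions from your own test sign-in
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    issued = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        issued.setdefault(attr.get("Name"), []).extend(values)
    return {
        "name_id": (name_id.text or "").strip() if name_id is not None else None,
        "missing": sorted(s for n, s in expected.items() if n not in issued),
        "empty": sorted(s for n, s in expected.items() if n in issued and not any(issued[n])),
        "unexpected": sorted(n for n in issued if n not in expected),
    }

def _attr(name, value):
    return f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>'

# Constructed sample (not from a real tenant): surname is absent and
# displayname is empty, so both checks fire; the NameID value is made up.
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:Subject><saml:NameID>12345678</saml:NameID></saml:Subject>"
    "<saml:AttributeStatement>"
    + _attr(CLAIMS + "emailaddress", "skip@example.edu")
    + _attr(CLAIMS + "givenname", "Skip")
    + _attr(MS + "displayname", "")
    + _attr(MS + "tenantid", "constructed-tenant-id")
    + "</saml:AttributeStatement></saml:Assertion>"
)

if __name__ == "__main__":
    print(audit_assertion(SAMPLE))
```

The `name_id` field lets you compare the issued NameID with the value of the extension attribute chosen as its source, and `unexpected` lists claims the application receives that were not part of the ADFS rule set being reproduced.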



