8,330 questions
Update:
I tried creating the policy with just the middle name transformation and it didn't take it. I did not like my Regex value of "..*" Not sure why. I am trying to find another transformation method that works.
Azure AD Policy SAML transformations using PowerShell
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 3%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Ron Manthe
1
Reputation point
Hello,
I am having issues getting my custom policy to work in PowerShell. I am trying to make two separate claim transformations for a SAML application. One is trying to strip all the leading zeros from the beginning of the SamAccountName and the other is removing the middle initial in the givenname field. My code is posted below. If anyone has any suggestions that would be great.
New-AzureADPolicy -Definition @('
{"ClaimsMappingPolicy":
{
"Version":1,"IncludeBasicClaimSet":"false",
"ClaimsSchema":[{"Source":"user","ID":"givenname"},
{"Source":"transformation","ID":"RemoveInitial","TransformationId":"RemoveTheInitial","SamlClaimType":"FIRST_NAME","JwtClaimType":"FIRST_NAME"},
{"Source":"user","ID":"surname","SamlClaimType":"LAST_NAME","JwtClaimType":"LAST_NAME"},
{"Source": "user","ID":"mail","SamlClaimType":"EMAIL","JwtClaimType":"EMAIL"},
{"Source":"user","ID":"onpremisessamaccountname"},
{"Source":"transformation","ID":"RemoveZeros","TransformationId":"RemoveTheZeros","SamlClaimType":"USER_ID","JwtClaimType":"USER_ID"}],
"ClaimsTransformations":[{"ID":"RemoveTheInitial","TransformationMethod":"RegexReplace","InputClaims":[{"ClaimTypeReferenceId":"givenname","TransformationClaimType":"sourceClaim"}],
"InputParameters":[{"ID":"regex","Value":".."},{"ID":"replacement","Value":""}],"OutputClaims":[{"ClaimTypeReferenceId":"RemoveInitial","TransformationClaimType":"outputClaim"}]},
{"ID":"RemoveTheZeros","TransformationMethod":"RegexReplace","InputClaims":[{"ClaimTypeReferenceId":"onpremisessamaccountname","TransformationClaimType":"sourceClaim"}],
"InputParameters":[{"ID":"regex","Value":"^0"},{"ID":"replacement","Value":""}],"OutputClaims":[{"ClaimTypeReferenceId":"RemoveZeros","TransformationClaimType":"outputClaim"}]}]
}
}
') -DisplayName "Hearsay-Sandbox-SAML-Policy" -Type "ClaimsMappingPolicy"
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Request_BadRequest
Message: Property definition has an invalid value.
InnerError:
RequestId: 135eb08f-2ec3-485a-9659-e51a5014607c
DateTimeStamp: Tue, 22 Feb 2022 03:20:04 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At line:1 char:1
- New-AzureADPolicy -Definition @('
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : NotSpecified: (:) [New-AzureADPolicy], ApiException
- FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.NewPolicy
Windows for business Windows Server User experience PowerShell
Microsoft Security Microsoft Entra Microsoft Entra ID
25,081 questions
2 answers
Sort by: Most helpful
-
Ron Manthe 1 Reputation point
2022-02-22T18:38:26.267+00:00 -
Ron Manthe 1 Reputation point
2022-02-22T18:38:51.9+00:00 Regex value is actually "..*"
Sign in to comment -
-
Siva-kumar-selvaraj 15,721 Reputation points2022-02-28T19:22:00.143+00:00 @Ron Manthe , My apologies for the delay in answering.
Thanks for sharing your finding here which will benefit others in the community who are dealing with a similar problem. In addition, I would to like to share my findings here and hope this would also helpful.
**RegEx to Remove Middle Initial in a Given Name field : **
Example:1 Name for Example is John J Smith and Final outcome would be JohnSmith note: there is no spaces.
"InputParameters": [ { "ID": "regex", "Value": " . " }, { "ID": "replacement", "Value": "" } ]Example:2 Name for Example is John J Smith and Final outcome would be John Smith note: there is a space between first and last name.
"InputParameters": [ { "ID": "regex", "Value": " . " }, { "ID": "replacement", "Value": " " } ]RegEx to remove all the leading zeros :
"InputParameters": [ { "ID": "regex", "Value": "^0" }, { "ID": "replacement", "Value": "" } ]-----
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.-
Ron Manthe 1 Reputation point
2022-03-01T16:01:18.087+00:00 Good morning and thanks for the reply. I was able to get the policy to go through, but the claim is not passing through. I believe this is because the format of the givenname. Your example is John J. Here is what our naming convention is:
Givenname: John.J
There is a period seperating the first name and middle initial. That is why I attempted to use this regex - "..". I have also tried ".[a-z]". I don't think it likes the backslash.
I also tried using this regex "[[:punct:]][a-z]*" and I am unable to see the claim.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Rich Matheisen 47,901 Reputation points2022-03-01T16:08:49.72+00:00 How about this?
'[^a-z].$'
Sign in to comment -