ADFS claims rules string concatenation possible?

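I am new to ADFS claim rules, but I managed to configure the normal mappings. Now my customer has asked me to add 4 static letters, such as "1234", in front of an incoming LDAP attribute. For example, prepend "1234" to the "E-Mail-Addresses" attribute. I have read the claim rule language syntax but could not find an add function.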

Example rules are below.

@RuleName = "add temp claim email to pipeline as a var for processing"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://temp.org/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "massage var to issue real email claim"
c:[Type == "http://temp.org/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = "1234" + c.Value);

When the AD mail attribute has john@contoso.com as its value, this results in an email claim being issued with the value 1234john@contoso.com.

You should review https://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx, as it has a lot of good syntax examples.

Then create the claimsxray relying party per https://adfshelp.microsoft.com/ClaimsXray/TokenRequest and test your rules. Once you have a working set of rules, you can use them on the real intended relying party.
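
The test-then-deploy procedure described in the answer, as an added PowerShell example (not part of the original answer). The relying party names ClaimsXray and Contoso App and the backup file name are assumptions; the cmdlets come from the AD FS PowerShell module and run on an AD FS server.

```powershell
# Added example. Both names are assumptions, not values from the original answer.
$testRp = 'ClaimsXray'     # assumed name of the Claims X-Ray test relying party
$prodRp = 'Contoso App'    # hypothetical name of the real relying party

# The two rules from the answer. A single-quoted here-string keeps PowerShell
# from expanding or altering anything inside the rule text.
$rules = @'
@RuleName = "add temp claim email to pipeline as a var for processing"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://temp.org/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "massage var to issue real email claim"
c:[Type == "http://temp.org/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = "1234" + c.Value);
'@

# Step 1: load the rules on the test relying party only.
# -IssuanceTransformRules replaces the whole rule set of that trust.
Set-AdfsRelyingPartyTrust -TargetName $testRp -IssuanceTransformRules $rules

# Read back what AD FS stored and confirm both rules were accepted.
$stored = (Get-AdfsRelyingPartyTrust -Name $testRp).IssuanceTransformRules
foreach ($name in 'add temp claim email', 'massage var to issue real email claim') {
    if ($stored -notmatch [regex]::Escape($name)) {
        throw "Rule '$name' is missing from $testRp"
    }
}

# Step 2: sign in through Claims X-Ray and inspect the token. Only the
# emailaddress claim should appear: the http://temp.org/emailaddress claim is
# created with add(), so it stays in the pipeline and is not sent in the token.
$answer = Read-Host "Does the token show the 1234-prefixed email claim? (y/n)"
if ($answer -ne 'y') { return }

# Step 3: back up the production rules, then append the tested rules so the
# existing rules of the real relying party are kept.
$existing = (Get-AdfsRelyingPartyTrust -Name $prodRp).IssuanceTransformRules
Set-Content -Path .\prod-rules-backup.txt -Value $existing
$combined = $existing + [Environment]::NewLine + $rules
Set-AdfsRelyingPartyTrust -TargetName $prodRp -IssuanceTransformRules $combined
```

If the real relying party already issues an emailaddress claim from another rule, remove or adjust that rule, otherwise the token carries both the original and the prefixed value.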