Versions Compared

Old Version 5

changes.mady.by.user Toni Sormunen

Saved on

compared with

New Version 6

changes.mady.by.user Toni Sormunen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

$issuanceTransformRules '@RuleName = "Send MPASSid Attributes"c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("mpassUserIdentity", "mpassGivenName", "mpassSurname", "mpassAccountName", "mpassCryptID", "mpassLearnerId", "mpassMunicipalityCode", "mpassSchoolCode", "mpassClassLevel", "mpassClassCode", "mpassUserRole"), query = ";objectGuiD,givenName,sn,userPrincipalName,<cryptID><cryptId>,<learnerId>,<municipalityCode>,<schoolCode>,<classLevel>,<classCode>,<userRole>;{0}", param = c.Value);';
 
$issuanceAuthorizationRules '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
 
$name "mpass-proxy"
 
Set-ADFSRelyingPartyTrust -TargetName $name -IssuanceAuthorizationRules $issuanceAuthorizationRules -IssuanceTransformRules $issuanceTransformRules

...

Send MPASSid Attributes
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("mpassUserIdentity""mpassAccountName""mpassGivenName""mpassSurname""mpassCryptId", "mpassCryptIDmpassLearnerId""mpassMunicipalityCode""mpassSchoolCode""mpassClassLevel""mpassClassCode""mpassUserRole"), query = ";objectGuiD,userPrincipalName,givenName,sn,<cryptID>,<learnerId>,<municipalityCode>,<schoolCode>,<classLevel>,<classCode>,<userRole>;{0}", param = c.Value);

...

# Haetaan käyttäjän rooli AD:n employeeType attribuutista ja lisätään (add) se käyttäjän attribuutteihin
Add Employee Type as Role
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query = ";employeeType;{0}", param = c.Value);
 
# Tutkitaan roolin arvo ja lähetetään eteenpäin (issue) arvoa vastaava tekstimuotoinen rooli
Send mpassUserRole henklökunta
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value =~ "^0" ]
 => issue(Type = "mpassUserRole", Value = "henkilökunta");
 
 
Send mpassUserRole oppilas
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value =~ "^1" ]
 => issue(Type = "mpassUserRole", Value = "oppilas");
 
 
Send mpassUserRole opettaja
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value =~ "^2" ]
 => issue(Type = "mpassUserRole", Value = "opettaja");

...