...
# The <...> entries in the query are placeholders for the local AD attribute names.
$issuanceTransformRules = '@RuleName = "Send MPASSid Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("mpassUserIdentity", "mpassGivenName", "mpassSurname", "mpassAccountName", "mpassLearnerId", "mpassSchoolCode", "mpassClassLevel", "mpassClassCode", "mpassUserRole", "mpassLearningMaterialsCharge", "mpassNickName"), query = ";objectGuiD,givenName,sn,userPrincipalName,<learnerId>,<schoolCode>,<classLevel>,<classCode>,<userRole>,<learningMaterialsCharge>,<nickName>;{0}", param = c.Value);'
$issuanceAuthorizationRules = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
$name = "mpass-proxy"
Set-AdfsRelyingPartyTrust -TargetName $name -IssuanceAuthorizationRules $issuanceAuthorizationRules -IssuanceTransformRules $issuanceTransformRules
Note: mpassAccountName is not mandatory in new ADFS integrations. It can also be removed from existing ones, provided this is first agreed with MPASSid support.
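The `types` list and the attribute list in `query` are matched by position, so a missing entry or an unreplaced placeholder puts a value into the wrong claim. The following PowerShell check is an added example, not part of the MPASSid documentation; the function name `Test-MpassTransformRule` and the attribute `extensionAttribute1` in the constructed sample are assumptions.

```powershell
# Added example (not MPASSid's own code): list each claim type next to the
# LDAP attribute that the rule's query assigns to it, and flag problems.
function Test-MpassTransformRule {
    param([Parameter(Mandatory)][string]$Rule)

    # Claim types from: types = ("a", "b", ...)
    $t = [regex]::Match($Rule, 'types\s*=\s*\((?<list>[^)]*)\)')
    if (-not $t.Success) { throw 'No types = (...) list found in the rule.' }
    $types = @([regex]::Matches($t.Groups['list'].Value, '"([^"]+)"') |
        ForEach-Object { $_.Groups[1].Value })

    # Attributes from: query = ";attr1,attr2,...;{0}" (the form used on this page)
    $q = [regex]::Match($Rule, 'query\s*=\s*"(?<query>[^"]*)"')
    if (-not $q.Success) { throw 'No query = "..." string found in the rule.' }
    $segments = $q.Groups['query'].Value.Split(';')
    if ($segments.Count -ne 3) { throw 'Query is not of the form ";attrs;{0}".' }
    $attrs = @($segments[1].Split(','))

    # Walk both lists side by side; the longer one decides the row count.
    $rows = [Math]::Max($types.Count, $attrs.Count)
    for ($i = 0; $i -lt $rows; $i++) {
        $type = if ($i -lt $types.Count) { $types[$i] } else { $null }
        $attr = if ($i -lt $attrs.Count) { $attrs[$i] } else { $null }
        $problem = ''
        if ($null -eq $type) { $problem = 'attribute without a claim type' }
        elseif ($null -eq $attr) { $problem = 'claim type without an attribute' }
        elseif ($attr.Trim() -match '^<.*>$') { $problem = 'placeholder not replaced' }
        elseif ($attr -ne $attr.Trim()) { $problem = 'stray whitespace in query' }
        [pscustomobject]@{
            Position = $i + 1; ClaimType = $type; LdapAttribute = $attr; Problem = $problem
        }
    }
}

# Constructed sample: extensionAttribute1 stands in for <learnerId> (assumption),
# <schoolCode> is left unreplaced and mpassUserRole has no attribute at all.
$sample = @'
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
    types = ("mpassUserIdentity", "mpassLearnerId", "mpassSchoolCode", "mpassUserRole"),
    query = ";objectGuiD,extensionAttribute1,<schoolCode>;{0}", param = c.Value);
'@
Test-MpassTransformRule -Rule $sample | Format-Table -AutoSize
```

Passing `$issuanceTransformRules` to the function before the rule is applied to the relying party trust shows the full mapping; any row with a non-empty Problem column needs fixing first.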
Sending multiple school codes and other multi-valued attributes
...
Send MPASSid Attributes
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("mpassUserIdentity", "mpassAccountName", "mpassGivenName", "mpassSurname", "mpassLearnerId", "mpassSchoolCode", "mpassClassLevel", "mpassClassCode", "mpassUserRole", "mpassLearningMaterialsCharge", "mpassNickName"), query = ";objectGuiD,userPrincipalName,givenName,sn,<learnerId>,<schoolCode>,<classLevel>,<classCode>,<userRole>,<learningMaterialsCharge>,<nickName>;{0}", param = c.Value);
Note: mpassAccountName is not mandatory in new ADFS integrations. It can also be removed from existing ones, provided this is first agreed with MPASSid support.
Examples of different claim rules
...