...
$issuanceTransformRules = '@RuleName = "Send MPASSid Attributes"c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("mpassUserIdentity", "mpassGivenName", "mpassSurname", "mpassAccountName", "mpassLearnerId", "mpassSchoolCode", "mpassClassLevel", "mpassClassCode", "mpassUserRole", "mpassLearningMaterialsCharge","mpassNickName"), query = ";objectGuiD,givenName,sn,userPrincipalName,<learnerId>,<schoolCode>,<classLevel>,<classCode>,<userRole>,<learningMaterialsCharge>,<nickName>;{0}", param = c.Value);';
$issuanceAuthorizationRules = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
$name = "mpass-proxy"
Set-ADFSRelyingPartyTrust -TargetName $name -IssuanceAuthorizationRules $issuanceAuthorizationRules -IssuanceTransformRules $issuanceTransformRules
|
Huom! mpassAccountName ei ole pakollinen uusissa adfs-integraatioissa. Sen voi myös poistaa vanhoista, jos asiasta sovitaan ensin MPASSid tuen kanssa.
Useamman koulukoodin lähettäminen ja muut moniarvoiset attribuutit
...
Send MPASSid Attributes
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("mpassUserIdentity", "mpassAccountName", "mpassGivenName", "mpassSurname", "mpassLearnerId", "mpassSchoolCode", "mpassClassLevel", "mpassClassCode", "mpassUserRole", "mpassLearningMaterialsCharge","mpassNickName"), query = ";objectGuiD,userPrincipalName,givenName,sn,<learnerId>,<schoolCode>,<classLevel>,<classCode>,<userRole>,<learningMaterialsCharge>,<nickName>;{0}", param = c.Value);
|
Huom! mpassAccountName ei ole pakollinen uusissa adfs-integraatioissa. Sen voi myös poistaa vanhoista, jos asiasta sovitaan ensin MPASSid tuen kanssa.
Esimerkkejä erilaisista claim ruleista
...