SSO Setup Guides: SAML Configuration: ADFS Claim Rules Guide/Example

John Dill -

This guide is only an example of a proper setup, and some values may change based on your configuration.

 

Set Up Claim Rules on Your SAML Server

Edit Claim Rules

 

Edit Rule - Transform to Name ID

 

Edit Rule - UPN

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");


Edit Rule - E-mail Address from UPN

 

Now go to your Handshake SSO Preferences and specify the matching attribute value. If following our steps above exactly, this will be:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Before testing, make sure to de-select "Requested authentication context?", since you are using ADFS. This setting is also found on your Handshake SSO Preferences page.
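If the test login fails, a common cause is that the attribute name entered as the matching attribute does not exactly match a name ADFS issues. The following is an added example, not part of the original guide or of Handshake's tooling: it reads a decoded SAML assertion and reports whether the configured attribute is issued with exactly one non-empty value. The sample assertion, the user values and the function names are constructed for illustration, and the script inspects attribute names only; it does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
EPPN_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"

# Constructed sample of a decoded assertion (not captured from a real server).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe@example.edu</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
      <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>john.doe@example.edu</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def issued_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from a SAML 2.0 assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        # Keep the name even when every value is empty, so that case is reported.
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def check_matching_attribute(assertion_xml, configured_name):
    """Return (ok, detail) for the attribute name set as the matching attribute."""
    attrs = issued_attributes(assertion_xml)
    values = attrs.get(configured_name)  # exact, case-sensitive string match
    if values is None:
        return False, "not issued; assertion carries: " + ", ".join(sorted(attrs))
    if not values:
        return False, "issued but empty"
    if len(values) > 1:
        return False, "ambiguous: %d values issued" % len(values)
    return True, values[0]


if __name__ == "__main__":
    print(check_matching_attribute(SAMPLE_ASSERTION, EMAIL_CLAIM))
```
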
