ADFS 2.0 电子邮件地址声明转换

Question

我猜你使用声明提供商信任“Active Directory”上的规则来获取用户的电子邮件地址。你可以这样做：

创建一个新的声明描述，例如以下声明类型： http://schemas.xmlsoap.org/ws/2005/05/identity/claims/wrongemailaddress

替换您的 2 条规则：

AD CPT => get email from AD, put it in claim "emailaddress".
SaaS RPT => pass through claim "emailaddress".

有了这 3 个：

AD CPT => get email from AD, put it in claim "WRONGemailaddress".
AD CPT => get claim "WRONGemailaddress",
          replace the email suffix,
          put the new value in a claim "emailaddress"
          (you can do all of this with a rule "Transform an Incoming Claim" I think)
SaaS RPT => pass through claim "emailaddress".

因此，您只需修改一个信任的规则，即您的 AD 声明提供商信任。

Answer 1

我猜你使用声明提供商信任“Active Directory”上的规则来获取用户的电子邮件地址。你可以这样做：

创建一个新的声明描述，例如以下声明类型： http://schemas.xmlsoap.org/ws/2005/05/identity/claims/wrongemailaddress

替换您的 2 条规则：

AD CPT => get email from AD, put it in claim "emailaddress".
SaaS RPT => pass through claim "emailaddress".

有了这 3 个：

AD CPT => get email from AD, put it in claim "WRONGemailaddress".
AD CPT => get claim "WRONGemailaddress",
          replace the email suffix,
          put the new value in a claim "emailaddress"
          (you can do all of this with a rule "Transform an Incoming Claim" I think)
SaaS RPT => pass through claim "emailaddress".

因此，您只需修改一个信任的规则，即您的 AD 声明提供商信任。

ADFS 2.0 电子邮件地址声明转换

答案1

相关内容