Support issuing tokens with custom NameFormat for issued claims

By default, the NameFormat of every claim that Identify returns to a service provider is urn:oasis:names:tc:SAML:2.0:attrname-format:basic. To issue claims with a custom NameFormat, use either an External Claims Transformation or a Scripting Claim Transformation. For instance, you can create a Scripting Claim Transformation in Identify*Admin and enter the code snippet below:

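// Set the SAML attribute NameFormat property on every claim of every identity.
foreach (var identity in ClaimsPrincipal.Identities)
{
    foreach (var claim in identity.Claims)
    {
        // This claim property is emitted as the NameFormat of the SAML <Attribute>.
        claim.Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:custom:name:format";
    }
}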

Apply that claim transformation to a connection and perform a login.

Here is the result:
Before applying the transformation:

<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>SystemSetupAdmin</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>UserAdmin</AttributeValue>
</Attribute>

After:

<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:custom:name:format">
    <AttributeValue>SystemSetupAdmin</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:custom:name:format">
    <AttributeValue>UserAdmin</AttributeValue>
</Attribute>
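
To confirm after a test login that every issued attribute carries the custom NameFormat, a captured AttributeStatement can be checked with a short script. This is an added example, not part of Identify or the original page; the sample XML, the urn:example:* attribute names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

EXPECTED = "urn:custom:name:format"
# SAML 2.0 core: when NameFormat is absent, "unspecified" is in effect.
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

# Constructed sample: the two role attributes from the "After" output, plus
# two hypothetical attributes that the transformation did not reach.
SAMPLE = """<AttributeStatement xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:custom:name:format">
    <AttributeValue>SystemSetupAdmin</AttributeValue>
  </Attribute>
  <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:custom:name:format">
    <AttributeValue>UserAdmin</AttributeValue>
  </Attribute>
  <Attribute Name="urn:example:department" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <AttributeValue>Finance</AttributeValue>
  </Attribute>
  <Attribute Name="urn:example:mail">
    <AttributeValue>user@example.test</AttributeValue>
  </Attribute>
</AttributeStatement>"""


def local(tag):
    """Strip the '{namespace}' prefix so prefixed and default-namespace XML both match."""
    return tag.rsplit("}", 1)[-1]


def attribute_formats(xml_text):
    """Return (Name, effective NameFormat, [values]) for every SAML Attribute."""
    rows = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "Attribute":
            continue
        values = [(v.text or "").strip() for v in el if local(v.tag) == "AttributeValue"]
        rows.append((el.get("Name"), el.get("NameFormat", UNSPECIFIED), values))
    return rows


def mismatches(xml_text, expected=EXPECTED):
    """Attributes whose effective NameFormat differs from the expected one."""
    return [row for row in attribute_formats(xml_text) if row[1] != expected]


if __name__ == "__main__":
    for name, fmt, values in mismatches(SAMPLE):
        print(f"unexpected NameFormat {fmt!r} on {name} {values}")
```

Run it against an assertion captured from a test login only; it reads attribute metadata and does not validate the assertion's signature.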
