ADFS + Claim rule language + String functions


Problem description


Hi,

I am not able to add the logic for the criteria below, can anyone please help me out?

1. Get the memberOf attribute from AD and need to traverse the list to see if the user is a memberOf the specified groups (multiple groups)

e.g. If the user is memberOf the admin group and memberOf the application group, then the rest of the logic should be executed.

2. If criterion #1 is achieved, then retrieve another attribute in AD and pass only a part of the string

e.g. group value is CN=DepartName=12345,MarketName=135393,XXXXXXX

Pass only 12345 and 135393.

BR

Murt

Solution

Understanding Claim Rule Language in AD FS 2.0

AD FS 2.0: Using RegEx in the Claims Rule Language

The claims rule for memberof is:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("http://test.com/phase1"), query = ";memberOf;{0}", param = c.Value);

This will add one claim for each memberof.

Then something like:

c:[Type == "http://test.com/phase1", Value =~ "admin|application"]
=> add(Type = "http://test.com/phase2", Value = c.Value);

So phase2 will only have the matches.

Then use the RegexReplace construct on phase2 to manipulate the string - this is just straight regex. 

The second link above has a really good example pretty similar to what you want to do.

But I suspect you may have duplicates.
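
The rule chain outlined in the answer, written out in full as an added example (not code from the original answer) and extended to require both groups: the unanchored pattern `admin|application` matches any group DN that contains either word, so this version anchors each pattern on the group's CN and joins two conditions with `&&`. Assumptions: the group CNs are exactly `admin` and `application`, the second AD attribute is `department`, and the `phase3`, `departid` and `marketid` claim types and the relying party name are placeholders.

```powershell
# Added example. Assumed names: group CNs "admin"/"application", AD attribute
# "department", claim types phase3/departid/marketid, trust name 'Example RP'.
$rules = @'
@RuleName = "Phase 1: one claim per memberOf value"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://test.com/phase1"), query = ";memberOf;{0}", param = c.Value);

@RuleName = "Phase 2: marker claim only when BOTH groups are present"
c1:[Type == "http://test.com/phase1", Value =~ "(?i)^CN=admin,"]
 && c2:[Type == "http://test.com/phase1", Value =~ "(?i)^CN=application,"]
 => add(Type = "http://test.com/phase2", Value = "true");

@RuleName = "Phase 3: fetch the second attribute (assumed: department)"
c1:[Type == "http://test.com/phase2", Value == "true"]
 && c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://test.com/phase3"), query = ";department;{0}", param = c2.Value);

@RuleName = "Phase 4a: issue only the DepartName number"
c:[Type == "http://test.com/phase3", Value =~ "^CN=DepartName=[0-9]+,MarketName=[0-9]+,"]
 => issue(Type = "http://test.com/departid", Value = RegExReplace(c.Value, "^CN=DepartName=([0-9]+),.*$", "$1"));

@RuleName = "Phase 4b: issue only the MarketName number"
c:[Type == "http://test.com/phase3", Value =~ "^CN=DepartName=[0-9]+,MarketName=[0-9]+,"]
 => issue(Type = "http://test.com/marketid", Value = RegExReplace(c.Value, "^CN=DepartName=[0-9]+,MarketName=([0-9]+),.*$", "$1"));
'@

# Note: this replaces every existing issuance transform rule on the trust.
Set-AdfsRelyingPartyTrust -TargetName 'Example RP' -IssuanceTransformRules $rules
```

The `=~` condition on the phase 4 rules is there because RegExReplace returns its input unchanged when the pattern does not match, which would otherwise issue the whole attribute value to the relying party.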

