ADFS Custom Rule "Issuer" does not


Problem description


c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
Issuer = "https://mycompany/",
OriginalIssuer = "https://mycompany/",
Value = c.Value, ValueType = c.ValueType);


The above rule does transform WindowsAccountName to name, but the value of "Issuer", which I changed to https://mycompany/, is not changed; it retains the old value, i.e. https://servername/adfs/services/trust


Is this a bug in ADFS custom claims rule or is "Issuer" a readonly attribute?

Thanks,

Panther.

Recommended answer

According to "When to Use a Transform Claim Rule":


"While the claim rule language allows setting the Issuer of a claim, this is generally not advisable. The issuer of a claim is not serialized in the token. When a token is received the Issuer property of all claims is set to the identifier of the federation server that signed the token. Thus, setting the issuer of a claim in the rules will not have effect on the contents of the token and the setting will be lost once the claim is packaged in a token. The only scenario where setting the issuer of a claim makes sense is if it is set to a specific value in the claims provider rule set and relying party rule set is authored with rules that reference this specific value. If the Issuer property is not explicitly set to a value in a claim rule the claims issuance engine sets it to "LOCAL AUTHORITY"."
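The one pattern the quoted guidance describes, written out as an added example (not code from the thread): the claims provider rule set tags claims with a specific Issuer, and the relying party rule set matches on that value instead of trying to rewrite it. The trust names "Contoso Partner" and "My App" are placeholders; the claim types and the https://mycompany/ value are the ones from the question.

```powershell
# Added example, not from the original thread. Assumed placeholder names:
# claims provider trust "Contoso Partner", relying party trust "My App".

# 1. Claims provider rule set: stamp incoming claims with a specific Issuer.
#    This value lives only inside the ADFS claims pipeline; it is never
#    serialized into the token that leaves the federation service.
$cpRules = @'
@RuleName = "Tag partner account name with a pipeline-local issuer"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
          Issuer = "https://mycompany/",
          Value = c.Value, ValueType = c.ValueType);
'@
Set-AdfsClaimsProviderTrust -TargetName "Contoso Partner" -AcceptanceTransformRules $cpRules

# 2. Relying party rule set: only claims carrying that Issuer become "name".
#    Issuer is deliberately NOT set here: the outgoing token's issuer is always
#    the federation service identifier, so any value set would be lost anyway.
$rpRules = @'
@RuleName = "Map tagged account name to name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "https://mycompany/"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
          Value = c.Value, ValueType = c.ValueType);
'@
Set-AdfsRelyingPartyTrust -TargetName "My App" -IssuanceTransformRules $rpRules

# 3. Check: the issuer the relying party actually sees on every claim is the
#    federation service identifier, regardless of what any rule set.
(Get-AdfsProperties).Identifier
```

If the relying party needs to distinguish claims by origin, it should key off this federation service identifier (or the claims provider's own identifier in a federated chain), not off an Issuer value written by a rule.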

