使用objectGUID来声明什么是最好的架构？ [英] Using objectGUID for a claim what is the best schema to use?

问题描述

所以我可以指定一个objectGUID属性作为Active Directory声明，它可以很好地检索它。然而，它将其作为Base64编码值发送。

So i can specify as an Active Directory claim an objectGUID attribute and it retrieves it just fine. However it sends it as a Base64 encoded value.

有没有办法格式化它，就像通常看到SID所以没有特殊字符被发送，然后它不需要是Base64编码？

Is there a way to format it like the SID is normally seen so there are no special characters being sent and it then doesn't need to be Base64 encoded?

我希望有一个声明描述名称和模式我可以用于objectGUID，就像有主要SID一样。

I was hoping there was a Claim Description name and schema i could use for objectGUID like there is for Primary SID.

任何人都有一个以及如何将其添加到ADFS 2.0声明描述？

Does anyone have one and how to add it to ADFS 2.0 Claim Descriptions ?

推荐答案

我想知道你是否知道objectGUID是否出来AD Base64编码或者如果这是在断言中发生的事情？默认情况下，所有SAML断言都是Base64编码。

I am wondering if you knew if the objectGUID was coming out of AD Base64 encoded or if this was just what happened when it was put in the assertions? All of the SAML assertions are Base64 encoded by default.

我只是组成一个自定义声明描述命名空间，如
http://claims.mycompany.com/objectGUID 。

I would just make up a custom claim description namespace like http://claims.mycompany.com/objectGUID.

如果是AD中的Base64，那么您可以使用自定义规则存储，以便执行转换声明的存储过程。您可以使用类似的东西从Base64解码它：
http://www.sqlservercentral.com/scripts /其他/ 31309 / 。

If it is Base64 in AD then you could use a custom rule store so you could execute a stored procedure to transform the claim. You could use something like this to decode it from Base64: http://www.sqlservercentral.com/scripts/Miscellaneous/31309/.

谢谢，

这篇关于使用objectGUID来声明什么是最好的架构？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！