Custom Claim Rules - How to write domain name into outgoing claim?


Problem description

I created a custom rule that outputs the sAMAccountName of an AD user based on a nameidentifier claim value that is sent inside a SAML Assertion to the AD FS 2.0 STS. The sAMAccountName itself is outputted as nameidentifier as well.

So for instance I get "messe" as nameidentifier claim in the AD FS STS SAML Assertion. I want to use this SAML Assertion to consume a .Net Web Service. But to perform a logon based on this nameidentifier claim I guess the .Net Web Service also needs to know the domain name.

1. Is the domain name required to perform a logon?

2. How to change my custom rule in order to get the domain name before the "messe", e.g. "mydomain\messe"? Will I perhaps need several rules?

thx,

MEssE

Recommended answer

No one knows how to get the domain name in the rules? Is it possible? Am I on the wrong path?

Other way round: How can I learn about how SAML assertion is evaluated to log on a Claims Aware Web Service. Particularly I am referring to the WIF sample ClaimsAwareWebService where the servicehost is set up using FederatedServiceCredentials.ConfigureServiceHost(serviceHost, configuration). For this scenario the developed STS issues a name claim which is used for authentication I guess.

ClaimType  : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
ClaimValue : mydomain\messe

 

That's why I stick to have the domain in the name claim. But if there's a better way, just let me know.

 

