---> super hard and should be worth 1 * 10 ^50th points. <---
Here is the info:
high level goal: we added a new service provider that requires to us to have an identity provider which can reference data about our users. One the pieces of data they need is stored in our "description" field in AD. We are using ADFS as our identity provider ostensibly because it works well with Active Directory.
My plan is to add a custom "Claim Description" to reference a specific field in AD. Normally, this is done by navigating to the AD FS 2.0 ---> services ---> Claim Descriptions and adding:
The claim identifier is the problem. The current URIs available map to certain fields in AD. There does not seem to be a URI for the "description" field in AD (not the one above). I need to be able to reference "description" field in AD as a claim description that shows up in AD so that it's reflexed in the AD FS metadata file.
When I try to add arbitrary values to experiment, the server won't even generate the metadata file giving me this error:
The Federation Service was unable to create the federation metadata document as a result of an error.
Document Path: /FederationMetadata/2007-06/FederationMetadata.xml
Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializationException: ID0014: The value 'test123' must be an absolute URI.
at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteDisplayClaim(XmlWriter writer, DisplayClaim claim)
at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteWebServiceDescriptorElements(XmlWriter writer, WebServiceDescriptor wsDescriptor)
at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteApplicationServiceDescriptor(XmlWriter writer, ApplicationServiceDescriptor appService)
at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor)
at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteMetadata(Stream stream, MetadataBase metadata)
at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataListener.OnGetContext(IAsyncResult result)
I have no idea how to make this work.