Active Directory Federated Services Custom Claim Descriptions

---> super hard and should be worth 1 * 10 ^50th points. <---

Here is the info:

high level goal: we added a new service provider that requires us to have an identity provider which can reference data about our users. One of the pieces of data they need is stored in our "description" field in AD. We are using ADFS as our identity provider, ostensibly because it works well with Active Directory.


My plan is to add a custom "Claim Description" to reference a specific field in AD. Normally, this is done by navigating to the AD FS 2.0 ---> services ---> Claim Descriptions and adding:

Display Name
Claim identifier
Description

The claim identifier is the problem. The current URIs available map to certain fields in AD. There does not seem to be a URI for the "description" field in AD (not the one above). I need to be able to reference the "description" field in AD as a claim description that shows up in AD so that it's reflected in the AD FS metadata file.

When I try to add arbitrary values to experiment, the server won't even generate the metadata file, giving me this error:

The Federation Service was unable to create the federation metadata document as a result of an error.
Document Path: /FederationMetadata/2007-06/FederationMetadata.xml

Additional Data

Exception details:
Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializationException: ID0014: The value 'test123' must be an absolute URI.
   at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteDisplayClaim(XmlWriter writer, DisplayClaim claim)
   at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteWebServiceDescriptorElements(XmlWriter writer, WebServiceDescriptor wsDescriptor)
   at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteApplicationServiceDescriptor(XmlWriter writer, ApplicationServiceDescriptor appService)
   at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor)
   at Microsoft.IdentityModel.Protocols.WSFederation.Metadata.MetadataSerializer.WriteMetadata(Stream stream, MetadataBase metadata)
   at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataListener.OnGetContext(IAsyncResult result)


I have no idea how to make this work.
CCUITAdminAsked:
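For reference, this is how the claim description and the matching issuance rule for the AD "description" attribute can be created with the ADFS cmdlets, validating the identifier the same way the metadata serializer in the stack trace does. It is an added example, not code from the original post or the asker's environment; the claim type URI, the relying party name "Example SP" and the hostname adfs.example.com are assumptions.

```powershell
# Added example; the claim type, relying party name and hostname below are assumed values.
# ADFS 2.0 on Windows 2008 R2 exposes the cmdlets through a snap-in; on 2012 R2 and later
# the Adfs module loads automatically and this line is a harmless no-op.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$claimType = 'http://schemas.example.com/identity/claims/ad-description'  # assumed URI in a namespace we control
$rpName    = 'Example SP'                                                  # assumed relying party trust display name

# Same rule the serializer enforces (ID0014): a claim identifier must be an absolute URI.
# A bare value such as 'test123' fails here instead of breaking FederationMetadata.xml generation.
$parsed = $null
if (-not [System.Uri]::TryCreate($claimType, [System.UriKind]::Absolute, [ref]$parsed)) {
    throw "Claim identifier '$claimType' is not an absolute URI; ADFS cannot publish it in its metadata."
}

# 1. Register the claim description (Service -> Claim Descriptions). IsOffered publishes it
#    in the federation metadata as a claim this identity provider can issue.
Add-ADFSClaimDescription -Name 'AD Description' -ClaimType $claimType -IsOffered $true -IsAccepted $true `
    -Notes 'Value of the Active Directory "description" attribute of the authenticated user'

# 2. Issue the claim to the relying party by querying the LDAP "description" attribute,
#    keyed on the Windows account name that Active Directory authentication produced.
$rule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "AD description attribute"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$claimType"), query = ";description;{0}", param = c.Value);
"@

# Append to the existing issuance transform rules rather than replacing them.
$existing = (Get-ADFSRelyingPartyTrust -Name $rpName).IssuanceTransformRules
Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules ($existing + "`n" + $rule)

# 3. Confirm the new identifier is advertised in the metadata document the service provider consumes.
$metadataUrl = 'https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml'  # assumed hostname
$metadata = (New-Object System.Net.WebClient).DownloadString($metadataUrl)
if ($metadata -notmatch [regex]::Escape($claimType)) {
    throw "Claim type '$claimType' is not present in the published federation metadata."
}
Write-Host "Claim '$claimType' is registered and published in the federation metadata."
```

The asker's relying party must also be configured to accept the new claim type on its side; the metadata check only proves the identity provider now offers it.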

CCUITAdminAuthor Commented:
We reinstalled ADFS and it started working.