Solved

ADFS UPN to email translation

Posted on 2014-03-14
9
756 Views
Last Modified: 2014-04-20
Hello,
We are currently in the process of setting up Single Sign On with an external party that is using our email address as the sign in. I have configured a claims rule that I have attached that I believe should transform the UPN into an email address. Is this the correct way of setting this up?
ADFS-Claims-Rule.PNG
0
Question by:Damon Rodriguez
9 Comments
 
LVL 36

Expert Comment

by:Mahesh
ID: 39931719
It depends upon what type of incoming claims (attributes) your ADFS server is accepting and what type of outgoing claim type (attribute) the ADFS server needs to send that is acceptable to the opposite side.

Please ask the relying party for the exact configuration, because this is a totally custom configuration and they can tune it as they want.

If you are looking for SharePoint SSO, then check the post below:
http://technet.microsoft.com/en-us/library/hh305235(v=office.15).aspx

Mahesh
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39934094
Hello,

Why are you using a transform rule? You should be able to just set up a new Claim Rule that maps the e-mail address LDAP attribute to the Name ID.

Email address to NameID Claim Rule
0
 

Author Comment

by:Damon Rodriguez
ID: 39937479
The company that we are setting this up with has stated that they don't help with the actual setup of ADFS on our side. They let us know what they need from. I didn't even know that they expected our email addresses instead of our AD login for 2 weeks. And I found out about it because someone from the internal test group let me know...

I created a transform rule because I was going by whatever documentation the company had presented to me and I wanted to match it up as close as possible. Their documentation was screenshots created by another company. Anyway thanks for quick responses.

jjmck I will try to use this rule that you presented and let you know if it works.
0
 

Author Comment

by:Damon Rodriguez
ID: 39937946
Ok. Tried it but it didn't work.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39938834
The code is written in the application that wants to federate with your Active Directory.

Hence you cannot decide what attributes need to be exchanged.

You need to ask the relying party (with whom you are going to build the federated trust) for the attributes and claims mapping.

Most relying parties have this well documented and can provide you a step-by-step document upon your request.

Mahesh
0
 

Author Comment

by:Damon Rodriguez
ID: 39942445
You would think they do, however the person I have been speaking with has been pretty...unhelpful. She basically just sent an email stating that they are set up to accept whatever we log on with and then told me that would be email. I calmly pointed out that we do not sign in with our email addresses but use UPN. I asked if they can change their settings in the back end to further test this. I was also told to call Microsoft to see how to set this up??? We are currently testing SSO with ADP and that works flawlessly. Management is not being lenient with this so I'm pretty much stuck dealing with this company.
0
 

Accepted Solution

by:
Damon Rodriguez earned 0 total points
ID: 39953932
We found the issue. We had to refresh our certificate a couple of weeks ago and it was never applied on their end. I really thought I would receive a certificate error on our end but this is what they told me.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40001892
This is expected, because ideally you don't have much to do from the ADFS front.
0
 

Author Closing Comment

by:Damon Rodriguez
ID: 40011148
The issue was resolved by the 3rd party.
0
