Solved

ADFS UPN to email translation

Posted on 2014-03-14
Last Modified: 2014-04-20
Hello,
We are currently in the process of setting up Single Sign On with an external party that is using our email address as the sign-in. I have configured a claims rule, which I have attached, that I believe should transform the UPN into an email address. Is this the correct way of setting this up?
ADFS-Claims-Rule.PNG
Question by:Damon Rodriguez
9 Comments
 
LVL 36

Expert Comment

by:Mahesh
ID: 39931719
It depends upon what type of incoming claims (attributes) your ADFS server is accepting and what outgoing claim type (attribute) the ADFS server needs to send that is acceptable to the opposite side.

Please ask the relying party for the exact configuration, because this is a totally custom configuration and they can turn it as they want.

If you are looking for SharePoint SSO, then check the post below:
http://technet.microsoft.com/en-us/library/hh305235(v=office.15).aspx

Mahesh
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39934094
Hello,

Why are you using a transform rule? You should be able to just set up a new Claim Rule that maps the e-mail addresses LDAP attribute to the Name ID.

Email address to NameID Claim Rule
0
 

Author Comment

by:Damon Rodriguez
ID: 39937479
The company that we are setting this up with has stated that they don't help with the actual setup of ADFS on our side. They let us know what they need from. I didn't even know that they expected our email addresses instead of our AD login for 2 weeks. And I found out about it because someone from the internal test group let me know...

I created a transform rule because I was going by whatever documentation the company had presented to me and I wanted to match it up as close as possible. Their documentation was screenshots created by another company. Anyway thanks for quick responses.

jjmck I will try to use this rule that you presented and let you know if it works.
0

 

Author Comment

by:Damon Rodriguez
ID: 39937946
Ok. Tried it but it didn't work.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39938834
The code is written in the application that wants to federate with your Active Directory.

Hence you cannot decide what attributes need to be exchanged.

You need to ask the relying party (with whom you are going to build a federated trust) for the attributes and claims mapping.

Most relying parties have this well documented, and they can provide you with a step-by-step document upon your request.

Mahesh
0
 

Author Comment

by:Damon Rodriguez
ID: 39942445
You would think they do; however, the person I have been speaking with has been pretty... unhelpful. She basically just sent an email stating that they are set up to accept whatever we log on with and then told me that would be email. I calmly pointed out that we do not sign in with our email addresses but use UPN. I asked if they can change their settings in the back end to further test this. I was also told to call Microsoft to see how to set this up??? We are currently testing SSO with ADP and that works flawlessly. Management is not being lenient with this so I'm pretty much stuck dealing with this company.
0
 

Accepted Solution

by:
Damon Rodriguez earned 0 total points
ID: 39953932
We found the issue. We had to refresh our certificate a couple of weeks ago and it was never applied on their end. I really thought I would receive a certificate error on our end but this is what they told me.
0
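A check for the mismatch described in this accepted solution, as an added example that is not part of the original post. It assumes the refreshed certificate was the AD FS token-signing certificate (the thread does not say which one), the AD FS PowerShell module, and a hypothetical file `C:\temp\relying-party-copy.cer` holding the certificate the relying party currently trusts. The relying party is the side that validates the token signature, so a stale certificate there produces no error on the AD FS server.

```powershell
# Added example. List every token-signing certificate AD FS holds, with the
# validity window, so a recent rollover is visible at a glance.
$signing = Get-AdfsCertificate -CertificateType Token-Signing
$signing | Select-Object IsPrimary, Thumbprint,
    @{ n = 'NotBefore'; e = { $_.Certificate.NotBefore } },
    @{ n = 'NotAfter';  e = { $_.Certificate.NotAfter } }

# The primary certificate is the one AD FS signs tokens with.
$primary = $signing | Where-Object { $_.IsPrimary }
if (-not $primary) { throw 'No primary token-signing certificate found.' }

# Export only the public certificate (no private key) to send to the
# relying party.
$outPath = Join-Path $env:TEMP 'adfs-token-signing.cer'
[IO.File]::WriteAllBytes($outPath, $primary.Certificate.Export('Cert'))
Write-Output "Public certificate written to $outPath"

# Hypothetical path: the certificate the relying party says it has configured.
$theirPath = 'C:\temp\relying-party-copy.cer'
if (Test-Path $theirPath) {
    $theirs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $theirPath
    if ($theirs.Thumbprint -eq $primary.Thumbprint) {
        Write-Output 'Match: the relying party trusts the current signing certificate.'
    } else {
        Write-Warning ("Mismatch: relying party has {0} (expires {1}), AD FS signs with {2}." -f
            $theirs.Thumbprint, $theirs.NotAfter, $primary.Thumbprint)
    }
}
```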
 
LVL 36

Expert Comment

by:Mahesh
ID: 40001892
This is expected because ideally you don't have much from the ADFS front.
0
 

Author Closing Comment

by:Damon Rodriguez
ID: 40011148
The issue was resolved by the 3rd party.
0


Question has a verified solution.
