Start Free TrialLog in
Avatar of K B
K BFlag for United States of America

asked on 

ADFS: How would one include over 600 IP addresses in a claim rule?

Is there an effective method for doing this with "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip"?

What would the best syntax be?  I would like to wrap PowerShell around it so it will be repeatable should the list change by 20 or 30 IP addresses for example.

I have seen this syntax but am unsure which is "best"

c2:[Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip",
Value =~ "^(bxxx.xxx.xxx.xxx|xxx.xxx.xxx.xxxb)"]

Open in new window


Thank you.
Powershell* Active Directory Federation Services (ADFS)Active DirectoryMicrosoft 365
Avatar of undefined
Last Comment
K B
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image
use regex rules in your adfs setings

Please see if this article applies https://blogs.technet.microsoft.com/askds/2012/06/26/an-adfs-claims-rules-adventure/
Avatar of K B
K B
Flag of United States of America image

ASKER

I guess what I am asking is do you shove all 600 IP addresses in one claim rule?

Also is this something you have done before.
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of K B
K B
Flag of United States of America image

ASKER

these are 600 ips that are not contiguous .. also they may come and go as the locations close and open
Avatar of K B
K B
Flag of United States of America image

ASKER

Would still like to hear if anyone has done this from a DB or a list that changes regularly.
Active Directory
Active Directory

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent