We help IT Professionals succeed at work.

ADFS:  How would one include over 600 IP addresses in a claim rule?

1,410 Views
Last Modified: 2018-02-08
Is there an effective method for doing this with "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip"?

What would the best syntax be?  I would like to wrap PowerShell around it so it will be repeatable should the list change by 20 or 30 IP addresses for example.

I have seen this syntax but am unsure which is "best"

c2:[Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip",
Value =~ "^(bxxx.xxx.xxx.xxx|xxx.xxx.xxx.xxxb)"]

Open in new window


Thank you.
Comment
Watch Question

David Johnson, CDSimple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
use regex rules in your adfs setings

Please see if this article applies https://blogs.technet.microsoft.com/askds/2012/06/26/an-adfs-claims-rules-adventure/
K B

Author

Commented:
I guess what I am asking is do you shove all 600 IP addresses in one claim rule?

Also is this something you have done before.
Simple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
K B

Author

Commented:
these are 600 ips that are not contiguous .. also they may come and go as the locations close and open
K B

Author

Commented:
Would still like to hear if anyone has done this from a DB or a list that changes regularly.