
Is there anybody out there using ADFS that has successfully federated with InCommon and Educause, and would be willing to share their claims rules, as well as additional claims descriptions they added to support the eduPerson attributes? I have successfully set up both Relying Party Trusts but I’ve been unable to get a complete set of claims rules for all the key attributes.

Thank you for any assistance you can provide.

CJ Mizner
Information Management & Technology
University of Northern Colorado
Campus Box 19
Snyder Hall, Rm 092
Greeley, CO 80639
Office: 970-351-1782
www.unco.edu


Comments

That’s what I have been using but unfortunately I still get the error that I’m missing Key attributes. It would be great if anybody out there that has completed it could just post their claims rules that are working.

 

This is what I use for CP claim rules in ADFS (for a shibb-based CP):

 

This is for ePSA, a scoped attribute:

c:[Type == "urn:oid:1.3.6.1.4.1.5923.1.1.1.9", Value =~ "^.+@utsystem\.edu$"]

=> issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9/eduPersonScopedAffiliation", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

 

This is for mail, a non-scoped attribute:

c:[Type == "urn:oid:0.9.2342.19200300.100.1.3"]

=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
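
Added example (not from the original thread or from ADFS): a Python sketch of the scope check that the ePSA rule above performs, comparing a pattern with an unescaped dot against one with a literal dot and a single "@". Python's `re` stands in for the .NET regex engine that ADFS uses, and the sample claims, function names and the stricter pattern are assumptions made for illustration.

```python
import re

# Attribute OIDs taken from the rules above.
EPSA = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"   # eduPersonScopedAffiliation
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"  # mail

# Two candidate scope filters (both patterns are illustrative).
LOOSE = r"^.+@utsystem.edu$"        # "." matches ANY character
STRICT = r"^[^@]+@utsystem\.edu$"   # literal dot, exactly one "@"

# Constructed sample input: (claim type, value) pairs as an upstream
# claims provider might release them.
SAMPLE_CLAIMS = [
    (EPSA, "member@utsystem.edu"),
    (EPSA, "staff@utsystem.edu"),
    (EPSA, "member@utsystemXedu"),                # not the expected scope
    (EPSA, "member@other.example@utsystem.edu"),  # two "@" separators
    (EPSA, "member@example.org"),                 # different scope
    (MAIL, "user@example.org"),                   # non-scoped attribute
]


def filter_scoped(claims, claim_type, pattern):
    """Pass through only values of claim_type that match pattern.

    Mirrors a rule of the form c:[Type == T, Value =~ P] => issue(...),
    where a non-matching value is simply not issued.
    """
    rx = re.compile(pattern)
    return [v for t, v in claims if t == claim_type and rx.search(v)]


def accepted_only_by_loose(claims, claim_type):
    """Values the loose pattern lets through but the strict one drops."""
    loose = set(filter_scoped(claims, claim_type, LOOSE))
    strict = set(filter_scoped(claims, claim_type, STRICT))
    return sorted(loose - strict)


if __name__ == "__main__":
    print("loose :", filter_scoped(SAMPLE_CLAIMS, EPSA, LOOSE))
    print("strict:", filter_scoped(SAMPLE_CLAIMS, EPSA, STRICT))
    print("diff  :", accepted_only_by_loose(SAMPLE_CLAIMS, EPSA))
```

Running the same sample values through a test relying party is a quick way to confirm that a scope filter drops everything outside the expected scope.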