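I have not managed to write a custom claim rule that returns the distinguishedName of the user's groups rather than just the group's name. Are there any ADFS custom claim rule ninjas who can help me with this challenge?
For example, the default return is MYGroupName, but I need it to return CN=MyGroupName,OU=Groups,DC=Domain,DC=local
Answer 0: (score: 0)
@Pierre answered this on the ADFS forum.
For reference: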
c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 && c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"]
 => issue(store = "Active Directory", types = ("http://group/DN"), query = "(&(objectClass=group)(objectSID={1}));distinguishedName;{0}", param = c1.Value, param = c2.Value);
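
To preview which http://group/DN values the rule above would issue for a given user before deploying it, the following added example (not part of the original answer) runs the rule's LDAP filter against each group SID in the user's token. It assumes the RSAT ActiveDirectory module is available, uses the placeholder account name 'jdoe', and treats tokenGroups as an approximation of the groupsid claims ADFS sees.

```powershell
# Added example, not from the original answer.
# Assumptions: RSAT ActiveDirectory module installed; 'jdoe' is a placeholder account.
Import-Module ActiveDirectory

function Get-GroupDnForSid {
    param([Parameter(Mandatory)][string]$Sid)
    # Same filter as the rule's query, with {1} replaced by the group SID.
    $filter = "(&(objectClass=group)(objectSID=$Sid))"
    Get-ADObject -LDAPFilter $filter -Properties distinguishedName |
        Select-Object -ExpandProperty DistinguishedName
}

function Get-ExpectedGroupDnClaims {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $user = Get-ADUser -Identity $SamAccountName
    # tokenGroups is a constructed attribute, so read it with a base-scope search.
    $withTokenGroups = Get-ADUser -SearchBase $user.DistinguishedName -SearchScope Base `
        -LDAPFilter '(objectClass=user)' -Properties tokenGroups
    foreach ($sid in $withTokenGroups.tokenGroups) {
        $dn = Get-GroupDnForSid -Sid $sid.Value
        [pscustomobject]@{
            GroupSid = $sid.Value
            # A SID with no group object in this domain produces no DN claim.
            GroupDN  = if ($dn) { $dn } else { '<no match in this domain>' }
        }
    }
}

Get-ExpectedGroupDnClaims -SamAccountName 'jdoe' | Format-Table -AutoSize
```

The rule fires once per groupsid claim, so the relying party receives one http://group/DN claim for each row that has a match.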