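ADFS custom claim to return group DN

Time: 2017-02-05 05:40:40

Tags: adfs3.0

I have not managed to write a custom claim rule that returns the distinguishedName of the user's groups rather than just the name of the group. Are there any ADFS custom claim rule ninjas who can help me with this challenge?

For example, the default return is MYGroupName, but I need to return CN=MyGroupName,OU=Groups,DC=Domain,DC=local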

1 answer:

Answer 0: (score: 0)

@Pierre answered this on the ADFS forums.

For reference:

c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 && c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"]
 => issue(store = "Active Directory", types = ("http://group/DN"), query = "(&(objectClass=group)(objectSID={1}));distinguishedName;{0}", param = c1.Value, param = c2.Value);
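
Added example, not part of the original answer: one way to append the rule above to a relying party trust's issuance transform rules from PowerShell on the AD FS server, keeping the rules already on the trust. The trust name and the rule name are placeholders chosen for illustration. In the query, {0} is the first param (the DOMAIN\user account name, which selects the domain to search) and {1} is the second (the group SID), so the rule issues one http://group/DN claim per groupsid claim.

```powershell
# Added example. Placeholder names below are assumptions, not from the post.
$trustName = 'ExampleRelyingParty'   # hypothetical relying party trust name
$claimType = 'http://group/DN'       # claim type used by the rule in the answer

# Single-quoted here-string: PowerShell expands nothing inside it, so the
# {0} and {1} placeholders and the LDAP filter reach AD FS unchanged.
# Query layout: <LDAP filter>;<attribute to return>;<DOMAIN\user>
$groupDnRule = @'
@RuleName = "Group SID to distinguishedName"
c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 && c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"]
 => issue(store = "Active Directory", types = ("http://group/DN"),
          query = "(&(objectClass=group)(objectSID={1}));distinguishedName;{0}",
          param = c1.Value, param = c2.Value);
'@

$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) {
    throw "Relying party trust '$trustName' was not found."
}

$existingRules = [string]$trust.IssuanceTransformRules

if ($existingRules.Contains($claimType)) {
    # Re-running the script must not stack duplicate copies of the rule.
    Write-Host "A rule issuing $claimType is already present on '$trustName'."
}
else {
    # Append rather than replace, so the trust's current rules are preserved.
    $newRules = ($existingRules.TrimEnd() + "`r`n`r`n" + $groupDnRule).Trim()

    # AD FS parses the rule text here and throws if the syntax is invalid.
    Set-AdfsRelyingPartyTrust -TargetName $trustName `
        -IssuanceTransformRules $newRules -ErrorAction Stop

    Write-Host "Rule appended to '$trustName'."
}

# Read the rules back to confirm what is now stored on the trust.
(Get-AdfsRelyingPartyTrust -Name $trustName).IssuanceTransformRules
```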