Sending Multiple Attributes from WS1 to ADFS

Posted on by steveidm

If you have followed the documentation for ADFS Integration with WS1, you configured the WS1 to send “${user.domain}\${user.userName}” as the NameID. However, you will probably need to send additional attributes in case other applications are looking for things like UPN. The following is how you would configure this:

  1. Under Attribute Mapping, enter the Name of the Attribute using Microsoft Schema syntax. The following is a list of common attributes:
    1. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email
    2. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    3. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    4. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
  2. Enter the Attribute Name and the matching value:

ADFS Configuration

  1. Under Claims Provider Trusts, edit the claims for the Workspace ONE Claims Provider Trust
  2. Add a Rule
  3. Select the attribute and pass all values.
  4. Save
  5. In the Relying Party Trust
  6. Edit the claims
  7. Create a New Transform Rule to Set the NAME to the UPN

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s