Friday, February 1, 2019

Use Active Directory Attribute for Account Mapping for SAML through MS ADFS

Microsoft ADFS 2.0 doesn't have a valid mapping for the Account claim type. If you want to retrieve the Account ID dynamically from an Active Directory attribute instead of hard-coding it, you can create a custom claim rule that queries Active Directory and issues the result as the claim type "Account". Below are the steps to do this.

1. Open the ADFS 2.0 Management snap-in
2. Choose your Relying Party for NetSuite and click "Edit Claim Rules"
3. Click "Add Rule" and choose "Send Claims Using a Custom Rule"
4. Assign a name for the claim rule and type in the following for the custom rule (please note that this sample gets the account number from the Company attribute of the currently logged-in user in Active Directory):

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("account"), query = ";company;{0}", param = c.Value);
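The same rule can be applied and verified from PowerShell on the AD FS server rather than through the snap-in. The script below is an added example, not part of the original post; it assumes the relying party trust is named "NetSuite" (a placeholder) and that the AD FS cmdlets are available (the Microsoft.Adfs.PowerShell snap-in on ADFS 2.0, the ADFS module on Windows Server 2012 and later). The one thing worth knowing here is that -IssuanceTransformRules replaces the entire rule set, so the rule has to be appended to the existing rules rather than written on its own.

```powershell
# Added example (not from the original post): add the custom "account" claim rule
# to the NetSuite relying party trust from PowerShell and check the result.
# Assumptions: the relying party trust display name is "NetSuite" (placeholder),
# and the AD FS cmdlets are loaded via the snap-in (ADFS 2.0) or the ADFS module.
if (Get-PSSnapin -Registered -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue) {
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
} else {
    Import-Module ADFS
}

$rpName = "NetSuite"   # placeholder: the display name of your relying party trust

# The rule from the post: look up the Company attribute of the Windows-authenticated
# user in the Active Directory attribute store and issue it as the "account" claim.
# The Issuer == "AD AUTHORITY" condition keeps the lookup tied to the AD-authenticated
# identity, so nothing a client sends can choose which account is queried.
$accountRule = @'
@RuleName = "NetSuite account from AD Company attribute"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("account"), query = ";company;{0}", param = c.Value);
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found" }

# -IssuanceTransformRules replaces the whole rule set, so append to the existing
# rules instead of overwriting them (otherwise the Name ID / e-mail rules the
# relying party also needs would be dropped).
if ($rp.IssuanceTransformRules -notmatch 'types = \("account"\)') {
    $newRules = $rp.IssuanceTransformRules + "`r`n" + $accountRule
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $newRules
}

# Show the resulting rule set for review
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules

# Check that the attribute is actually populated for a test user: if Company is
# empty, the rule issues no "account" claim at all and the SSO login fails.
$testUser = $env:USERNAME   # placeholder: sAMAccountName of a user to check
Import-Module ActiveDirectory
Get-ADUser -Identity $testUser -Properties Company | Select-Object SamAccountName, Company
```

Run it in an elevated PowerShell session on the AD FS server. The final Get-ADUser call is the quickest way to diagnose a missing account claim: the query string ";company;{0}" uses the default sAMAccountName filter and returns whatever is in the Company attribute, so an empty attribute produces an assertion with no account value rather than an error.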
