In the previous article, we finished adding the relying party trusts for Exchange in AD FS. In this part we go on to the claim rule configuration for Exchange.
First, open the AD FS snap-in, expand AD FS > Trust Relationships > Relying Party Trusts, select the relying party trust for OWA that we created earlier, and then click Edit Claim Rules on the right.
On the Issuance Transform Rules tab, click Add Rule.
On the Select Rule Template page, select Send claims using a custom rule.
Then, on the Configure Rule page, use these settings:
Claim rule name:
ActiveDirectoryUserSID
Custom rule:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"), query = ";objectSID;{0}", param = c.Value);
Then add a second rule:
Claim rule name:
ActiveDirectoryUserSID
Custom rule:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"), query = ";tokenGroups(SID);{0}", param = c.Value);
Then add the third rule:
Claim rule name:
ActiveDirectoryUPN
Custom rule:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
When you are finished, you should see three rules on the Issuance Transform Rules tab.
We have completed the transformation rule configuration for relying party trusts, and the configuration on the ADFS side is complete.
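The same three rules can also be applied from PowerShell on the AD FS server and then read back to confirm that each claim type is issued. This is an added example, not part of the original article; the trust name is a placeholder for the OWA relying party trust created in the previous part, and the rule names are the ones given above.

```powershell
# Assumption: display name of the OWA relying party trust created in the previous part.
$rpName = '<OWA relying party trust name>'

# Rule set in the AD FS claim rule language. @RuleName sets the name shown in the snap-in.
$rules = @'
@RuleName = "ActiveDirectoryUserSID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"), query = ";objectSID;{0}", param = c.Value);

@RuleName = "ActiveDirectoryUserSID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"), query = ";tokenGroups(SID);{0}", param = c.Value);

@RuleName = "ActiveDirectoryUPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# Note: -IssuanceTransformRules replaces the trust's existing issuance transform rules.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Read the rules back and confirm all three claim types are present.
$applied = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
foreach ($claimType in 'claims/primarysid', 'claims/groupsid', 'claims/upn') {
    if ($applied -notmatch [regex]::Escape($claimType)) {
        Write-Warning "Issuance rule for '$claimType' is missing on '$rpName'"
    }
}
```

Because the cmdlet overwrites the rule set, export the current `IssuanceTransformRules` value first if the trust already carries rules you want to keep.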
Exchange and ADFS Single Sign-On Part 6: Exchange Claim Rule Configuration