Add Attributes Mapping to the Relying Party Trust

Examples of CAS Configurations > AD FS as the CAS and IdP for ThingWorx > Example: AD FS as Central Auth Server and Identity Provider > Configuring Authentication with AD FS (SAML) > Add Attributes Mapping to the Relying Party Trust

1. In AD FS, click Relying Party Trusts in the left menu.

2. Right click on the Relying Party Trust and click Edit Claim Issuance Policy.

3. In the Edit Claim Issuance Policy window, click Add Rule.

4. In the next window, click Next.

5. Provide the following information to configure the new claim rule:

◦ Claim rule name – Enter a name for the new claim rule.

◦ Attribute store – Active Directory.

◦ Mapping of LDAP attributes to outoing claim types – Fill in the attributes as shown in the following image. For more information about the LDAP attributes, see the LDAP Attributes Table below the image.

LDAP Attributes Table
LDAP Attribute	Outgoing Claim Type	Metadata Attribute Name	Notes
Display-Name	Name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Unique user name
E-Mail-Addresses	E-Mail Address	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress	User’s e-mail, if provided
SAM-Account-Name	Name ID		Empty
Is-Member-Of-DL	Group	http://schemas.xmlsoap.org/claims/Group	User’s groups
User-Principal-Name	UPN	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn	Unique name in e-mail format: [email protected]

6. When the claim rule attributes are configured, click Finish.

7. On the next screen, click OK.

Was this helpful?