Add Relying Party Trust
...
5. Add "EdSmart_RelyingParty" as display name.
6. Give permissions to the Group.click next/finish.
Here the group will be any group that needs to use SSO. Make sure that all users who will use SSO, are member of this group.
...
8. Copy the claim rule language text. and save it in notepad. we need it in next stuffstep.
click ok. and comeback to Edit claim issuance policy window.
...
now we need to replace the highlighted URL to simply role(see next screenshot)
12. "URL" replaced with "role". Click finish.
13. you can remove the previously created MembershipRule
...
14. We need to add another rule. Select Send Claims Using a Custom Rule
15. Fill details and click finish.
- Claim rule name: AttributeDataRule
- custom rule: paste below text(its a custom rule) :
| No Format |
|---|
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("UserID", "mail", "givenName", "sn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail,mail,givenName,sn,mail;{0}", param = c.Value); |
16. you are done it.
| Info |
|---|
Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...