...

    ### Cert-manager (Sectigo)
# Cert-manager (Sectigo): release the standard identity attributes plus a
# TCS "personal-user" entitlement, the latter only for members of the AL2 group.
$TransformRules = [Ordered]@{}

# Standard attributes, taken unchanged from the shared rule set. The order of
# this list is the order the rules end up in (the hashtable is [Ordered]).
foreach ($AttributeName in 'eduPersonPrincipalName', 'displayName', 'givenName', 'mail', 'sn', 'schacHomeOrganization') {
    $TransformRules[$AttributeName] = $AllTransformRules[$AttributeName]
}

# eduPersonEntitlement is NOT copied from the shared rule set. This SP gets a
# custom rule that issues the TCS personal-user entitlement only when the
# incoming Group claim matches the AL2 group. Replace the placeholder below with
# the real group name before deploying: membership of that group is what
# authorises a user for a personal certificate, so keep its scope tight.
$TransformRules['eduPersonEntitlement'] = [PSCustomObject]@{
    Rule      = @"
@RuleName = "Set eduPersonEntitlement for AL2 users"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "<group name containing all AL2 users>"]
=> issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7", Value = "urn:mace:terena.org:tcs:personal-user", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@
    # Source claim the rule depends on (the AD group claim); presumably used by
    # the toolkit to ensure that claim is available - confirm against the caller.
    Attribute = "http://schemas.xmlsoap.org/claims/Group"
}

$IssuanceTransformRuleManualSP['https://cert-manager.com/shibboleth'] = $TransformRules
###

Digicert

    ### Digicert
        $TransformRules = [Ordered]@{}
        $TransformRules["eduPersonPrincipalName"] = $AllTransformRules["eduPersonPrincipalName"]
        $TransformRules["displayName"] = $AllTransformRules["displayName"]
        $TransformRules["mail"] = $AllTransformRules["mail"]
        $TransformRules["schacHomeOrganization"] = $AllTransformRules["schacHomeOrganization"]
        $TransformRules["eduPersonEntitlement"] = $AllTransformRules["eduPersonEntitlement"]
        $IssuanceTransformRuleManualSP["https://www.digicert.com/sso"] = $TransformRules
    ###

You also need to make the following changes to the SP in the AD FS Management Console:

...

InAcademia

    ### Inacademia
# InAcademia: no user attributes from the shared rule set are released. The SP
# only receives a NameID synthesised from the user's primary SID.
$TransformRules = [Ordered]@{}
$TransformRules['transientid'] = [PSCustomObject]@{
    # Two-step claim rule: first derive an opaque identifier from the primarysid
    # claim via the _OpaqueIdStore, then issue that identifier as the
    # nameidentifier claim. Key name notwithstanding, the NameID format issued
    # is "persistent". [ReplaceWithSPNameQualifier] is a placeholder and must be
    # replaced before use. The here-string is double-quoted on purpose: the
    # $Settings...ADFSExternalDNS reference is expanded into the namequalifier
    # when this script runs, so keep it as "@ ... "@.
    Rule      = @"
@RuleName = "synthesize persistent-id"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
=> add(store = "_OpaqueIdStore", types = ("urn:adfstk:persistentid"), query = "{0};{1};{2}", param = "ppid", param = c.Value, param = c.OriginalIssuer);
@RuleName = "issue persistent-id"
c:[Type == "urn:adfstk:persistentid"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
Issuer = c.Issuer,
OriginalIssuer = c.OriginalIssuer,
Value = c.Value, ValueType = c.ValueType,
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]",
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)");
"@
    # Empty: this rule does not depend on any source attribute (compare the
    # Group-claim dependency declared for the Cert-manager entitlement rule).
    Attribute = ""
}
$IssuanceTransformRuleManualSP['https://inacademia.org/metadata/inacademia-simple-validation.xml'] = $TransformRules
###

...