

There are several reasons why an SP could need more attributes than the Entity Categories provide:

  • The SP doesn't live up to the demands for a specific Entity Category
  • The SP works with the provided attributes from the Entity Category but will 'look better' with added attributes
  • The SP has incorrect metadata in the feed and needs other attributes than those provided from the Entity Category
  • The SP doesn't have any Entity Category but needs more attributes than transient-id
  • The SP is local to the institution, so the attribute release can be done more freely

To fix this, ADFSToolkit allows the IdP administrator to make manual attribute releases for specific SPs.

The manual releases are added to the release from the Entity Categories, if any. If the same attribute is released in an Entity Category and also in a manual release, the manual release takes precedence.

How to make manual attribute releases for SPs

In the /config folder you will find a PowerShell script with the name get-ADFSTkManualSPSettings.ps1.

This script contains a function that should contain all specific overrides for attribute releases for a given entity.

For a given entity, we:

  • create an empty TransformRules Hashtable
  • assign specific transform rules that have a correlating TransformRules Object
  • when complete, we insert the Ordered Hashtable transform into the Hashtable we return
  • We can also get clever and inject a transform rule into the hashtable rather than reference an existing one

The TransformRules Hashtable is provided at the top of the script, and that Hashtable is returned at the end. It looks like this:

# Hashtable that we will return at the end of the function
$IssuanceTransformRuleManualSP = @{}
[manual releases]

If you want to add a manual release, we recommend you add the following code where the manual releases are:

### Description of the SP
        $TransformRules = [Ordered]@{}
        $TransformRules.[TransformRule Object] = $AllTransformRules.[TransformRule Object]
        $IssuanceTransformRuleManualSP["[EntityID for the SP]"] = $TransformRules

To find out which TransformRule Objects are available, run the following command:



This will list all available TransformRule Objects.

To see how the TransformRule Objects are built up, look at Import-ADFSTkAllTransformRules.ps1 in the /private folder of the module.
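The precedence rule and the manual-release template described above, modelled as an added example (not ADFSToolkit's own code) that reports, per SP, where each released attribute comes from. The function name Get-EffectiveRelease, the entityID and the rule strings are assumptions constructed for illustration; real TransformRule Objects are richer than these placeholder strings.

```powershell
# Added example: models the documented precedence with stand-in data.
# Get-EffectiveRelease is a hypothetical helper, not part of ADFSToolkit.
function Get-EffectiveRelease {
    param(
        [System.Collections.IDictionary]$EntityCategoryRules,  # attribute name -> rule, from Entity Categories
        [System.Collections.IDictionary]$ManualRules           # attribute name -> rule, from the manual release
    )
    $effective = [Ordered]@{}
    $origin    = [Ordered]@{}
    # Start from whatever the Entity Categories release, if anything.
    foreach ($name in $EntityCategoryRules.Keys) {
        $effective[$name] = $EntityCategoryRules[$name]
        $origin[$name]    = 'EntityCategory'
    }
    # Manual releases are added on top; on a name collision the manual rule wins.
    foreach ($name in $ManualRules.Keys) {
        $origin[$name]    = if ($effective.Contains($name)) { 'ManualOverride' } else { 'ManualOnly' }
        $effective[$name] = $ManualRules[$name]
    }
    foreach ($name in $effective.Keys) {
        [PSCustomObject]@{ Attribute = $name; Origin = $origin[$name]; Rule = $effective[$name] }
    }
}

# Constructed sample data: placeholder rule strings and a made-up entityID.
$AllTransformRules = [Ordered]@{
    'transient-id' = 'rule:transient-id'
    mail           = 'rule:mail'
    displayName    = 'rule:displayName'
}
$entityCategoryRelease = [Ordered]@{
    'transient-id' = $AllTransformRules.'transient-id'
    mail           = $AllTransformRules.mail
}

# Same shape as the template in get-ADFSTkManualSPSettings.ps1.
$IssuanceTransformRuleManualSP = @{}
$TransformRules = [Ordered]@{}
$TransformRules.mail        = 'rule:mail (locally modified)'   # injected rule instead of a reference
$TransformRules.displayName = $AllTransformRules.displayName
$IssuanceTransformRuleManualSP['https://sp.example.org/shibboleth'] = $TransformRules

# Review which attributes each manual release adds or overrides.
foreach ($entityId in $IssuanceTransformRuleManualSP.Keys) {
    Get-EffectiveRelease -EntityCategoryRules $entityCategoryRelease -ManualRules $IssuanceTransformRuleManualSP[$entityId] |
        Select-Object @{ n = 'EntityID'; e = { $entityId } }, Attribute, Origin
}
```

Rows marked ManualOnly or ManualOverride are the attributes an SP receives only because of the manual release, which makes them the ones to review when checking that a release stays as narrow as the SP actually requires.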

Known SPs that need fixes


There are some SPs that we know need attention to be able to work. Before you add any of them, please make sure they don't work as-is.

The PowerShell code provided for each SP should be copied to the get-ADFSTkManualSPSettings.ps1 script in the /config folder. 


        $TransformRules = [Ordered]@{}
        $TransformRules.'transient-id' = $AllTransformRules.'transient-id'
        $TransformRules.eduPersonTargetedID = $AllTransformRules.eduPersonTargetedID
        $TransformRules.eduPersonPrincipalName = $AllTransformRules.eduPersonPrincipalName
        $TransformRules.mail = $AllTransformRules.mail
        $TransformRules.displayName = $AllTransformRules.displayName
        $TransformRules.givenName = $AllTransformRules.givenName
        $ = $
        $TransformRules.eduPersonScopedAffiliation = $AllTransformRules.eduPersonScopedAffiliation
        $IssuanceTransformRuleManualSP[""] = $TransformRules


        $TransformRules = [Ordered]@{}
        $TransformRules.eduPersonUniqueID = $AllTransformRules.eduPersonUniqueID
        $IssuanceTransformRuleManualSP[""] = $TransformRules


    ### Digicert
        $TransformRules = [Ordered]@{}
        $TransformRules["eduPersonPrincipalName"] = $AllTransformRules["eduPersonPrincipalName"]
        $TransformRules["displayName"] = $AllTransformRules["displayName"]
        $TransformRules["mail"] = $AllTransformRules["mail"]
        $TransformRules["schacHomeOrganization"] = $AllTransformRules["schacHomeOrganization"]
        $TransformRules["eduPersonEntitlement"] = $AllTransformRules["eduPersonEntitlement"]
        $IssuanceTransformRuleManualSP[""] = $TransformRules

You also need to make the following changes to the SP in the AD FS Management Console:

  • Change the Secure Hash from SHA256 to SHA1
  • Remove the encryption certificate
