How to configure static attributes in ADFS

How to configure static attributes in ADFS

Published: 12/22/2014
Some service providers require global values for all users to be passed in the SAML assertion. This article describes how to set static attribute values for this purpose and assumes that a Relying Party trust has already been set up in ADFS. If you need information on how to set up ADFS as an identity provider to a PingOne service provider, please see this knowledgebase articleSetting static attributes can be especially useful if ADFS identity providers are federated to applications via the PingOne manual connection. In this example the service provider requires a global attribute called "companyID" and a value for this set up will be "Ping."

To set up a static attribute take the following steps:

1. Open the ADFS admin panel, select your PingOne "Relying Party Trust" connection and click "Edit Claim Rules..."

User-added image


2. Click "Add Rule..."

User-added image

3. In the drop-down, select "Send Claims Using a Custom Rule" then click "Next"

User-added image

4. Under "Claim rule name" enter a name for your custom claim rule. This field has no impact on what is sent in the SAML assertion. It is used to keep track of the custom claim rule in ADFS only. 

The "Custom rule" field is where you will tell ADFS exactly what attribute and value to send in the SAML assertion. The language is as follows "=> issue(Type = "AttributeName", Value = "AttributeValue");" The "Type=" is set to the attribute name which must match what the service provider requires. "Value" is the static value that will be passed with the attribute name in the SAML response to the service provider during SSO login. For this example, the service provider requires a static attribute called "companyID" with a value in our case of "Ping." applying this requirement to the ADFS language gives a statement of => issue(Type = "companyID", Value = "Ping"); which gets entered into the field as shown:

Once the custom rule has been entered, click "Finish"

User-added image

5. When completed, you will see the following screen that shows a custom rule has been set. Click "OK" to complete the set up.

User-added image

Each rule can contain one static attribute. If you need to add more static attributes, repeat the steps above.





 
KB or other URL: