Extending the Single Sign-On Connector
The Identity Provider sends a list of key-value pairs as claims. Common attributes have been added to the connector; however, this list is not exhaustive.
<fieldSets>
  <fieldSet xsi:type="mappedFieldSet" fieldSetID="UserProperties" queryID="TheRow">
    <field xsi:type="mappedField" fieldID="Email Address" fieldDisplay="Email Address" dataType="string" select="Email Address" />
    <field xsi:type="mappedField" fieldID="User Name" fieldDisplay="User Name" dataType="string" select="User Name" />
    <field xsi:type="mappedField" fieldID="First Name" fieldDisplay="First Name" dataType="string" select="First Name" />
    <field xsi:type="mappedField" fieldID="Surname" fieldDisplay="Surname" dataType="string" select="Surname" />
    <field xsi:type="mappedField" fieldID="Member Of" fieldDisplay="Member Of" dataType="string" select="Member Of" />
    <field xsi:type="mappedField" fieldID="User Principal Name" fieldDisplay="User Principal Name" dataType="string" select="User Principal Name" />
    <field xsi:type="mappedField" fieldID="Account Name" fieldDisplay="Account Name" dataType="string" select="Account Name" />
    <field xsi:type="mappedField" fieldID="Company" fieldDisplay="Company" dataType="string" select="Company" />
  </fieldSet>
</fieldSets>
The claim names are user defined, although ADFS uses some standardised names by default.
Given Name in ADFS is sent as
Some of these names are mapped in code to a more user-friendly value:
Adding New Claims to the ICNF File
Additional claims can be defined by the Identity Provider. To make them available to the connector, those claims must be added to the ICNF File.
To add support for a custom claim, you simply need to add a new field to the existing fieldSet.
Each SAML claim can define one or more values. For example, a user could have multiple email addresses.
In this case, the claim values are received as a list. This list is then converted to a semicolon-separated string.
This value can then be parsed in the Resource Mapping by using a Transform.
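The behaviour described above, as an added example (not code from the connector or its vendor): it reads the field definitions from a constructed ICNF fragment containing a hypothetical custom claim `Department`, joins multi-valued claims with semicolons, and flags any claim whose value already contains a semicolon, since splitting it later yields extra values. It assumes `select` names the claim; `split_values` is a hypothetical stand-in for the Transform.

```python
import xml.etree.ElementTree as ET

DELIM = ";"

# Constructed ICNF fragment: the page's fieldSet (trimmed) plus a hypothetical
# custom claim "Department". The xsi namespace is declared so it parses alone.
ICNF = """<fieldSets xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <fieldSet xsi:type="mappedFieldSet" fieldSetID="UserProperties" queryID="TheRow">
    <field xsi:type="mappedField" fieldID="Email Address" fieldDisplay="Email Address" dataType="string" select="Email Address" />
    <field xsi:type="mappedField" fieldID="Member Of" fieldDisplay="Member Of" dataType="string" select="Member Of" />
    <field xsi:type="mappedField" fieldID="Department" fieldDisplay="Department" dataType="string" select="Department" />
  </fieldSet>
</fieldSets>"""

# Constructed claims as received from the Identity Provider: name -> list of values.
CLAIMS = {
    "Email Address": ["a.smith@example.com", "alice@example.com"],
    "Member Of": ["Staff", "Finance;Payroll"],  # one value contains the delimiter
    "Department": ["Finance"],
    "Cost Centre": ["4410"],  # no field defined for it, so it is not exposed
}

def defined_fields(icnf_xml):
    """Map each field's select (assumed to be the claim name) to its fieldID."""
    root = ET.fromstring(icnf_xml)
    return {f.get("select"): f.get("fieldID") for f in root.iter("field")}

def flatten(claims, fields):
    """Join each mapped claim's values into one semicolon-separated string."""
    row, ambiguous = {}, []
    for name, values in claims.items():
        if name not in fields:
            continue  # claim has no field in the ICNF fragment
        if any(DELIM in v for v in values):
            ambiguous.append(name)  # splitting will not round-trip
        row[fields[name]] = DELIM.join(values)
    return row, ambiguous

def split_values(flat):
    """Hypothetical stand-in for the Transform: split on the semicolon."""
    return [v for v in flat.split(DELIM) if v]

if __name__ == "__main__":
    row, ambiguous = flatten(CLAIMS, defined_fields(ICNF))
    print(row)
    print("claims with a value containing the delimiter:", ambiguous)
```

Where a multi-valued claim such as `Member Of` feeds group or role mapping, checking for the delimiter before the join keeps one received value from being read back as two.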