Adding the Identity2 claim

Active Directory Federation Services must be configured to emit the User Principal Name as an Identity2 claim type.

When Infor Federation Services is installed, the Identity2 claim type is already configured.

In the AD FS snap-in, complete these steps:

  1. Select the Claim Descriptions node under AD FS > Service.
  2. Click the Add Claim Description link in the Actions pane.
     Display name: Identity2
     Claim identifier: http://schemas.infor.com/claims/Identity2

  3. Select both check boxes. Click OK.
  4. Select AD FS > Trust Relationships > Claims Provider Trust.
  5. Click Edit Claim Rules and add rule 1:
     Template: Send LDAP Attributes as Claims
     Claim rule name: Attribute extractions from Active Directory
     Attribute store: Active Directory
     LDAP Attribute: User-Principal-Name
     Outgoing Claim Type: UPN

  6. Click Finish. Then, add rule 2:
     Template: Send Claims Using a Custom Rule
     Claim rule name: Emit Identity2; copy the UPN.
     Custom rule:
       c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
        => issue(Type = "http://schemas.infor.com/claims/Identity2", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
  7. Click Finish.
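The same configuration performed with the AD FS PowerShell module instead of the snap-in, as an added example that is not part of the Infor documentation. It assumes the claims provider trust still carries its default name "Active Directory" and appends the two rules to whatever acceptance transform rules that trust already has.

```powershell
# Added example (not from the Infor documentation): Identity2 claim description and
# the two claim rules, configured with the AD FS PowerShell cmdlets.
# Assumptions: run on an AD FS server with the ADFS module available, and the
# Active Directory claims provider trust has its default name "Active Directory".
Import-Module ADFS

$identity2Type = "http://schemas.infor.com/claims/Identity2"
$upnType       = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"

# Steps 1-3: the claim description. -IsAccepted and -IsOffered correspond to the two
# check boxes (publish as a claim type this Federation Service can accept / send).
if (-not (Get-AdfsClaimDescription | Where-Object { $_.ClaimType -eq $identity2Type })) {
    Add-AdfsClaimDescription -Name "Identity2" -ClaimType $identity2Type `
        -IsAccepted $true -IsOffered $true
}

# Rule 1: "Send LDAP Attributes as Claims" in claim rule language, reading
# userPrincipalName from the Active Directory attribute store and issuing it as UPN.
$rule1 = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Attribute extractions from Active Directory"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$upnType"), query = ";userPrincipalName;{0}", param = c.Value);
"@

# Rule 2: the custom rule from the procedure. Copying Issuer and OriginalIssuer keeps
# the provenance of the UPN on the derived Identity2 claim rather than re-issuing it blindly.
$rule2 = @"
@RuleName = "Emit Identity2; copy the UPN."
c:[Type == "$upnType"]
 => issue(Type = "$identity2Type", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
"@

# -AcceptanceTransformRules replaces the entire rule set, so append to the existing
# rules instead of overwriting them.
$trust    = Get-AdfsClaimsProviderTrust -Name "Active Directory"
$existing = $trust.AcceptanceTransformRules
$newRules = if ([string]::IsNullOrWhiteSpace($existing)) { "$rule1`n$rule2" } else { "$existing`n$rule1`n$rule2" }
Set-AdfsClaimsProviderTrust -TargetName "Active Directory" -AcceptanceTransformRules $newRules

# Check: both rules should now appear in the trust's acceptance transform rules.
(Get-AdfsClaimsProviderTrust -Name "Active Directory").AcceptanceTransformRules
```

If the trust already issues UPN through an existing LDAP rule, omit $rule1 from the appended text so the UPN claim is not issued twice.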