...
{
"MetadataAddress": "https://adfs.cloud.weir/FederationMetadata/2007-06/FederationMetadata.xml",
"Wtrealm": "https://onelist-dev.cloud.weir/"
}
Azure AD configuration
Poweshell script to add custom claim:
- https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-claims-mapping
- https://devblogs.microsoft.com/premier-developer/adding-user-optional-and-mapped-claims-in-the-azure-ad-authentication-token/
- Modified the App Registration Manifest: "acceptMappedClaims": true,
- New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema":[{"Source":"user","ID":"onpremisessamaccountname","JwtClaimType":"onpremisessamaccountname"}]}}') -DisplayName "ExtraClaimsSAMAccountName" -Type "ClaimsMappingPolicy"
- Get the Service principal for the app id: Get-AzureADServicePrincipal -Filter "servicePrincipalNames/any(n: n eq 'the app id')"
- Assigned policy to the Service Principal: Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>
DO NOT use the .Net MicrosoftAccount provider for Azure AD because it uses OAuth flow and won't be able to get custom claims. Only OIDC flow can retrieve custom claims.
...