...

{
"MetadataAddress": "https://adfs.cloud.weir/FederationMetadata/2007-06/FederationMetadata.xml",
"Wtrealm": "https://onelist-dev.cloud.weir/"
}

Azure AD configuration

PowerShell steps (AzureAD module) to add the custom claim:

  1. Modify the app registration manifest: set "acceptMappedClaims": true (this property is only honoured for single-tenant apps; a multi-tenant app has to use a custom signing key instead).
  2. Create the claims mapping policy: New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema":[{"Source":"user","ID":"onpremisessamaccountname","JwtClaimType":"onpremisessamaccountname"}]}}') -DisplayName "ExtraClaimsSAMAccountName" -Type "ClaimsMappingPolicy"
  3. Get the service principal for the app ID:  Get-AzureADServicePrincipal -Filter "servicePrincipalNames/any(n: n eq 'the app id')"
  4. Assign the policy to the service principal:  Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>
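The four steps above as one idempotent script. This is an added example, not the script from the original page; it assumes the AzureAD PowerShell module, an existing Connect-AzureAD session with rights to manage policies and service principals, and that step 1 ("acceptMappedClaims": true in the manifest) has already been done. The application (client) ID is a placeholder.

```powershell
# Added example (not the page's own script): creates the claims mapping policy once,
# attaches it to the app's service principal, and shows what is attached afterwards.
# Assumes: Install-Module AzureAD; Connect-AzureAD already run; manifest already has
# "acceptMappedClaims": true.

$AppId      = '00000000-0000-0000-0000-000000000000'   # assumed placeholder: your app registration's Application (client) ID
$PolicyName = 'ExtraClaimsSAMAccountName'

# Step 2: build the policy definition as JSON. IncludeBasicClaimSet keeps the default claims;
# ClaimsSchema adds onpremisessamaccountname from the user object as a JWT claim of the same name.
$definition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = 'true'
        ClaimsSchema         = @(
            @{ Source = 'user'; ID = 'onpremisessamaccountname'; JwtClaimType = 'onpremisessamaccountname' }
        )
    }
} | ConvertTo-Json -Depth 5 -Compress

# Reuse a policy with the same display name instead of creating a duplicate on every run.
$policy = Get-AzureADPolicy |
    Where-Object { $_.Type -eq 'ClaimsMappingPolicy' -and $_.DisplayName -eq $PolicyName }
if (-not $policy) {
    $policy = New-AzureADPolicy -Definition @($definition) -DisplayName $PolicyName -Type 'ClaimsMappingPolicy'
}

# Step 3: resolve the service principal. Filtering on appId is exact; the page's
# servicePrincipalNames filter works as well because that collection contains the app ID.
$sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for app ID $AppId (is the app registered in this tenant?)" }

# Step 4: attach the policy, skipping the call if it is already attached.
$already = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId | Where-Object { $_.Id -eq $policy.Id }
if (-not $already) {
    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
}

# Check: confirm the mapping policy is now on the service principal.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId | Select-Object DisplayName, Type, Id
```

Run it with an account that can manage policies; the final Get-AzureADServicePrincipalPolicy line is the check that the assignment took, and the new claim only shows up in tokens issued after that point.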

DO NOT use the .NET MicrosoftAccount authentication provider for Azure AD: it is a plain OAuth 2.0 handler that builds the user's claims from the Graph user-info call rather than from a token issued to the app, so the mapped claim never appears. Use the OpenIdConnect handler instead; it reads the claims from the id_token Azure AD issues to the app, which is where the claims mapping policy takes effect.
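A quick way to confirm the claim really arrives is to decode the payload of the id_token the OpenIdConnect handler receives. The helper below is an added example, not code from the original page; the two tokens it inspects are constructed in-script (unsigned, with an empty signature segment) so the check runs offline, and the function names are my own.

```powershell
# Added example (not from the original page): decode a JWT payload and report whether a
# mapped claim is present. Signature is NOT verified here; this is a diagnostic, not validation.

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Jwt)
    $parts = $Jwt.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact-serialized JWT (expected header.payload.signature)' }
    # JWT segments are base64url without padding: map the alphabet back and restore padding.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url payload segment' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-MappedClaim {
    param([Parameter(Mandatory)][string]$Jwt, [string]$ClaimName = 'onpremisessamaccountname')
    $payload = ConvertFrom-JwtPayload -Jwt $Jwt
    $prop    = $payload.PSObject.Properties[$ClaimName]
    [pscustomobject]@{
        Audience = $payload.aud
        Claim    = $ClaimName
        Present  = [bool]$prop
        Value    = if ($prop) { $prop.Value } else { $null }
    }
}

# Constructed sample tokens (alg=none, empty signature) for the offline demonstration only.
function New-UnsignedJwt([hashtable]$Payload) {
    $enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
    $header = & $enc '{"alg":"none","typ":"JWT"}'
    $body   = & $enc ($Payload | ConvertTo-Json -Compress)
    "$header.$body."
}

$appId = '00000000-0000-0000-0000-000000000000'   # assumed placeholder app ID
$withClaim    = New-UnsignedJwt @{ aud = $appId; upn = 'jdoe@cloud.weir'; onpremisessamaccountname = 'jdoe' }
$withoutClaim = New-UnsignedJwt @{ aud = $appId; upn = 'jdoe@cloud.weir' }

Test-MappedClaim -Jwt $withClaim      # Present = True,  Value = jdoe
Test-MappedClaim -Jwt $withoutClaim   # Present = False: policy not attached, or token not issued to this app
```

If Present is False on a real id_token, check that the aud matches the app the policy was attached to and that acceptMappedClaims is set; a token obtained through a different app registration or through a user-info call will not carry the mapped claim.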

...