Configuring Custom Roles Claim Rule (Example) - Cloud

Talend Cloud Single Sign-On (SSO) Configuration Guide

Version: Cloud
Language: English
Product: Talend Cloud
Module: Talend Management Console
Content: Administration and Monitoring > Managing users

Procedure

  1. In the Add Transform Claim Rule Wizard, select Send Claims Using a Custom Rule from the drop-down list, then click Next.
  2. Enter Name and Email as the Claim rule name.

  3. Enter the following configuration in the Custom rule field.
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
     => issue(store = "Active Directory", types = ("email", "given_name", "family_name"), query = ";mail,givenName,sn;{0}", param = c.Value);
  4. Click Finish.
  5. In the Edit Claim Issuance Policy for... window, click Add Rule....
  6. Select Send Claims Using a Custom Rule from the drop-down list, then click Next.
  7. Enter NameId as the Claim rule name. Note that you must define the Name and Email custom rule before defining this NameId rule, because NameId depends on Name and Email.
  8. Enter the configuration in the Custom rule field.

    Example

    c:[Type == "email"]
    => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
  9. Click Finish.
  10. In the Edit Claim Issuance Policy for... window, click Add Rule....
  11. Select Send Claims Using a Custom Rule from the drop-down list, then click Next.
  12. Enter TalendCloudDomainName as the Claim rule name.
  13. Enter the following configuration in the Custom rule field.
    =>  issue(Type = "TalendCloudDomainName", Value = "<Domain>");
    In this example, <Domain> is the name to be used as TalendCloudDomainName, for example, tho.talend.com. With that value, the rule reads:
    =>  issue(Type = "TalendCloudDomainName", Value = "tho.talend.com");
    • If you are already logged in to Talend Cloud, find the account name in the Domain field of the Subscription page of your Talend Management Console.
    • Otherwise, three options are available for you to find your domain. For more details, see Find domains.
    If you want to map the TalendCloudDomainName value from your Active Directory, use a rule like the following:
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
    => issue(store = "Active Directory", types = ("TalendCloudDomainName"), query = ";department;{0}", param = c.Value);

    In this example, the value of the department attribute is used for TalendCloudDomainName. The value to set for this department attribute is still the Domain shown on the Subscription page of your Talend Management Console.

  14. Click Finish.
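
An added example, not part of the Talend guide: a Python check that a captured SAML assertion carries the claims the three rules above should issue, including the case where a user has no mail attribute, so the NameId rule never fires. The function names, the sample user and the assumption that each claim type appears as an Attribute Name in a SAML 2.0 assertion are this example's own; it inspects claim content only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Claim types issued by the Name and Email and TalendCloudDomainName rules.
REQUIRED = ("email", "given_name", "family_name", "TalendCloudDomainName")

def check_assertion(xml_text, expected_domain):
    """Return a list of problems; an empty list means the claims match the rules."""
    root = ET.fromstring(xml_text)
    problems = []
    attrs = {}  # claim type -> list of values
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    for name in REQUIRED:
        if not any(attrs.get(name, [])):
            problems.append(f"missing claim: {name}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        # The NameId rule matches on the "email" claim, so no email means no NameID.
        problems.append("missing NameID")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not emailAddress")
        if (name_id.text or "") not in attrs.get("email", []):
            problems.append("NameID does not match email claim")
    domains = attrs.get("TalendCloudDomainName", [])
    if domains and domains != [expected_domain]:
        problems.append(f"unexpected TalendCloudDomainName: {domains}")
    return problems

def sample_assertion(email, domain):
    """Constructed, unsigned assertion fragment; email=None models an empty AD mail attribute."""
    claims = {"given_name": "Jane", "family_name": "Doe", "TalendCloudDomainName": domain}
    subject = ""
    if email:
        claims["email"] = email
        subject = f'<Subject><NameID Format="{EMAIL_FORMAT}">{email}</NameID></Subject>'
    attrs = "".join(
        f'<Attribute Name="{n}"><AttributeValue>{v}</AttributeValue></Attribute>'
        for n, v in claims.items())
    return (f'<Assertion xmlns="{NS["saml"]}">{subject}'
            f'<AttributeStatement>{attrs}</AttributeStatement></Assertion>')

if __name__ == "__main__":
    print(check_assertion(sample_assertion(None, "tho.talend.com"), "tho.talend.com"))
```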