Configuring Custom Roles Claim Rule (Example) - 7.1

Configuring Talend Administration Center SSO with AD FS 3.0

author: Talend Documentation Team
EnrichVersion: 7.1
EnrichProdName: Talend Big Data, Talend Big Data Platform, Talend Cloud, Talend Data Fabric, Talend Data Integration, Talend Data Management Platform, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Real-Time Big Data Platform
task: Administration and Monitoring > Managing authorizations
EnrichPlatform: Talend Administration Center

Procedure

  1. In the Add Transform Claim Rule Wizard, select Send Claims Using a Custom Rule from the drop-down list, then click Next.
  2. Enter a Claim rule name, for example, EmailAddress.
  3. Enter the following configuration in the Custom rule field:
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
    => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);
  4. Click Finish.
  5. In the Edit Claim Rules for... window, click Add Rule....
  6. Select Send Claims Using a Custom Rule from the drop-down list, then click Next.
  7. Enter a Claim rule name, for example, NameId.
  8. Enter the following configuration in the Custom rule field:
    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
    => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", Value = c.Value);
  9. Click Finish.
  10. In the Edit Claim Rules for... window, click Add Rule....
  11. Select Send Claims Using a Custom Rule from the drop-down list, then click Next.
  12. Enter a Claim rule name, for example, Attributes.
  13. Enter the following configuration in the Custom rule field:
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
    => issue(store = "Active Directory", types = ("firstName", "lastName", "tac.projectType", "tac.role"), query = ";givenName,sn,displayName,department;{0}", param = c.Value);
  14. Click Finish.
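
A check for the result of the three rules above, added here as an example (not part of the Talend documentation): it parses a captured assertion and reports a wrong NameID format or any of the four attributes that is missing or empty. It assumes a SAML 2.0 assertion captured from your own test login; the sample assertions and their values are constructed, and the signature is not verified.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # assumption: SAML 2.0
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # from the NameId rule
EXPECTED_ATTRS = ("firstName", "lastName", "tac.projectType", "tac.role")  # from the Attributes rule

def check_assertion(xml_text):
    """Return a list of problems found in the assertion; an empty list means it matches the rules."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find("./saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is %r" % name_id.get("Format"))
    attrs = {}
    for a in root.findall("./saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [(v.text or "").strip()
                                for v in a.findall("saml:AttributeValue", NS)]
    for name in EXPECTED_ATTRS:
        values = attrs.get(name)
        if values is None:
            problems.append("attribute %s not issued" % name)
        elif not any(values):
            problems.append("attribute %s is empty" % name)
    return problems

def sample(nameid_format, attrs):
    """Build a constructed, unsigned assertion for the demo (not real AD FS output)."""
    items = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue>'
        '</saml:Attribute>' % kv for kv in attrs.items())
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject>'
            '<saml:NameID Format="%s">jdoe@example.com</saml:NameID></saml:Subject>'
            '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
            % (nameid_format, items))

# Constructed inputs: placeholder values, not real Talend role or project-type names.
GOOD = sample(EMAIL_FORMAT, {"firstName": "Jane", "lastName": "Doe",
                             "tac.projectType": "project-type-placeholder",
                             "tac.role": "role-placeholder"})
BAD = sample("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
             {"firstName": "Jane", "lastName": "Doe", "tac.role": ""})

if __name__ == "__main__":
    print(check_assertion(GOOD))
    print(check_assertion(BAD))
```

Because the Attributes rule fills tac.projectType and tac.role from displayName and department, whoever can edit those two AD attributes determines the project-type and role claims sent to Talend Administration Center.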