I'm trying to implement a SAML 2.0 authentication against Windows ADFS for a web application. So far I succeeded in authenticating and getting what I need from ADFS by manually configuring the Relying Party Trust and the assigned Claim Rules.
Now I want to provide federation metadata for my application to make it easier to set up the required stuff in ADFS. However I can't figure out how to pass the required Claim Rules in that metadata.
Here's what I have so far:
<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="dokuwiki-entity" validUntil="2015-03-24T20:30:16Z">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAssertionsSigned="true">
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<AssertionConsumerService index="1" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://perd.cosmo/dw-2014-01-13/doku.php?id=start"/>
<AttributeConsumingService index="1">
<ServiceName xml:lang="en">DokuWiki</ServiceName>
<RequestedAttribute isRequired="true" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail-Adresse" />
</AttributeConsumingService>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="en">DokuWiki</OrganizationName>
<OrganizationDisplayName xml:lang="en">DokuWiki</OrganizationDisplayName>
<OrganizationURL xml:lang="en">https://www.dokuwiki.org</OrganizationURL>
</Organization>
</EntityDescriptor>
From what I understand the RequestedAttribute should tell the ADFS to send me the user's E-Mail address upon authentication. Unfortunately after using this metadata to set up the Relying Party Trust no Claim Rules are set up.
Question: Is it possible to set up Claim Rules through metadata or has this always to be done manually? If it is possible where do I find the appropriate documentation?
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 疯言疯语 的文章《ADFS/SAML2.0 - How to set Claim Rules through Fede》','https://www.manongdao.com/article-717807.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}