An ADFS rule is composed of a condition, the => token, a command (issue or add), and terminated with a semicolon. You cannot issue multiple literals per rule, but you can use PowerShell to make it easier to work with.
Instead of going in the UI, and going through that wizard 5 times, you can use Set-AdfsRelyingPartyTrust to set all of the rules at once.
Set-AdfsRelyingPartyTrust -TargetName SharePoint_Prod -IssuanceTransformRulesFile c:\drop\rules.txt
where rules.txt looks like
c:[Type == incomingClaim, Value =~ incomingMatch] => issue(Type = type1, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = value1, ValueType = c.ValueType);
c:[Type == incomingClaim, Value =~ incomingMatch] => issue(Type = type2, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = value2, ValueType = c.ValueType);
c:[Type == incomingClaim, Value =~ incomingMatch] => issue(Type = type3, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = value3, ValueType = c.ValueType);
c:[Type == incomingClaim, Value =~ incomingMatch] => issue(Type = type4, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = value4, ValueType = c.ValueType);
c:[Type == incomingClaim, Value =~ incomingMatch] => issue(Type = type5, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = value5, ValueType = c.ValueType);
The difference relative to the UI? I used copy and paste.
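As an added example (not part of the answer above, and not Microsoft's code), the following PowerShell generates rules.txt with one issue statement per outgoing claim and then applies and reads back the rule set. The claim type URIs, values and regex are constructed placeholders; the trust name and file path are the ones used above, and rejecting quotes and backslashes is a conservative choice made for this example.

```powershell
# Added example: build rules.txt with one issue() rule per outgoing claim.
# Claim types, values and the regex are constructed placeholders.
$incomingType  = 'http://schemas.example.test/claims/group'
# =~ is a regular-expression match; anchoring with ^ and $ keeps the
# condition from also firing on values that merely contain the text.
$incomingMatch = '^SharePoint-Admins$'

$outgoing = @(
    @{ Type = 'http://schemas.example.test/claims/role';  Value = 'admin' }
    @{ Type = 'http://schemas.example.test/claims/site';  Value = 'prod'  }
    @{ Type = 'http://schemas.example.test/claims/level'; Value = 'full'  }
)

function ConvertTo-RuleLiteral {
    param([Parameter(Mandatory)][string]$Text)
    # Refuse characters that could end the string literal early and
    # change the meaning of the generated rule.
    if ($Text -match '["\\]') {
        throw "Unsafe character in rule literal: $Text"
    }
    '"' + $Text + '"'
}

$template = 'c:[Type == {0}, Value =~ {1}] => issue(Type = {2}, ' +
            'Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ' +
            'Value = {3}, ValueType = c.ValueType);'

# One rule per outgoing claim, since a rule cannot issue several literals.
$rules = foreach ($claim in $outgoing) {
    $template -f (ConvertTo-RuleLiteral $incomingType),
                 (ConvertTo-RuleLiteral $incomingMatch),
                 (ConvertTo-RuleLiteral $claim.Type),
                 (ConvertTo-RuleLiteral $claim.Value)
}

$rulesFile = 'c:\drop\rules.txt'
Set-Content -Path $rulesFile -Value $rules

# Replace the trust's issuance transform rules with the generated file.
Set-AdfsRelyingPartyTrust -TargetName 'SharePoint_Prod' `
    -IssuanceTransformRulesFile $rulesFile

# Read the stored rules back so the change can be reviewed.
(Get-AdfsRelyingPartyTrust -Name 'SharePoint_Prod').IssuanceTransformRules
```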
Best Answer
The Information Card Foundation (ICF) was maintaining such a list at: http://wiki.informationcard.net/index.php?title=Claim_Catalog#Well_Known_Claims
Since informationcard slowly disappeared, the site isn't available anymore either. Luckily you can still access it, thanks to archive.org: https://web.archive.org/web/20140823181452/http://wiki.informationcard.net:80/index.php?title=Claim_Catalog#Well_Known_Claims
You may also refer to the OASIS Identity Metasystem Interoperability Version 1.0: http://docs.oasis-open.org/imi/identity/v1.0/os/identity-1.0-spec-os.html#_Toc229451870 (Although that's probably the OASIS source you already discovered.)