Problem with mapped identity claim

Jan 18, 2013 at 4:53 PM
Edited Jan 18, 2013 at 4:55 PM

Hi, first thanks for the great work - I'm hoping it will save me a lot of effort. I do however have a problem.

Our SSO provider uses a claim for the username of "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"

When configuring the SSO provider I've set up a claim mapping so that the nameidentifier is mapped to the standard upn claim:

# Map the provider's nameidentifier claim to the standard UPN claim type
$claimURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
$map1 = New-SPClaimTypeMapping -IncomingClaimType $claimURI -IncomingClaimTypeDisplayName "SSO UPN Claim" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"

But I'm having problems with LDAPCP because it reports the following error:

Impossible to continue because identity claim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" is missing in the list of attributes to query. Please use method PopulateAttributesDefinition() to add it

Looking at the code in LDAPCP.CS, it appears that the PopulateActualAttributesList method captures the claims provided by the provider into a collection, then searches that collection to make sure that the identity claim is there. Unfortunately the first loop will be looking at the unmapped claim type, which doesn't exist in the claim-to-LDAP mappings and so is ignored, meaning that the check for the identity claim then fails.

Thanks

Pete
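The mismatch described above, as an added illustration that is not LDAPCP's code: a hypothetical model in which the provided claim types are first filtered against the LDAP attribute list as-is (the unmapped nameidentifier never matches, so the UPN identity claim is reported missing), and then filtered after translating each incoming type through the trust's claim mapping. The names ClaimTypeMapping, IdentityClaimFoundWithoutMapping and IdentityClaimFoundWithMapping are assumptions for this model only.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical model of the check discussed in the thread; not LDAPCP's code.
// One trust mapping: the claim type the SSO provider sends, and the local
// claim type SharePoint exposes it as (what New-SPClaimTypeMapping creates).
public record ClaimTypeMapping(string IncomingClaimType, string LocalClaimType);

public static class IdentityClaimCheck
{
    const string NameId = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
    const string Upn    = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn";

    // Claim types the provider actually sends (incoming side of the trust).
    static readonly string[] ProvidedClaimTypes = { NameId };

    // Claim types that have an LDAP attribute to query (the "list of
    // attributes to query" named in the error message).
    static readonly string[] LdapMappedClaimTypes = { Upn };

    // The mapping configured on the trust: nameidentifier -> upn.
    static readonly ClaimTypeMapping[] TrustMappings = { new(NameId, Upn) };

    // Flawed check: compares the unmapped incoming types against the LDAP list.
    // NameId is not in that list, so nothing is kept and the identity claim
    // is reported as missing even though the mapping is in place.
    public static bool IdentityClaimFoundWithoutMapping(string identityClaimType)
    {
        var actual = ProvidedClaimTypes.Where(t => LdapMappedClaimTypes.Contains(t)).ToList();
        return actual.Contains(identityClaimType);
    }

    // Corrected check: translate each incoming type through the trust mapping
    // before comparing, so nameidentifier is considered as upn.
    public static bool IdentityClaimFoundWithMapping(string identityClaimType)
    {
        var actual = ProvidedClaimTypes
            .Select(t => TrustMappings.FirstOrDefault(m => m.IncomingClaimType == t)?.LocalClaimType ?? t)
            .Where(t => LdapMappedClaimTypes.Contains(t))
            .ToList();
        return actual.Contains(identityClaimType);
    }

    public static void Main()
    {
        Console.WriteLine($"without mapping: {IdentityClaimFoundWithoutMapping(Upn)}");
        Console.WriteLine($"with mapping:    {IdentityClaimFoundWithMapping(Upn)}");
    }
}
```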

Jan 21, 2013 at 10:36 AM

Hello Pete,

Indeed, it looks like a bug; I'll have a look at it and let you know quickly.

Cheers,

Yvan


Jan 21, 2013 at 10:51 AM

Thanks Yvan