Problem with mapped identity claim

Jan 18, 2013 at 3:53 PM
Edited Jan 18, 2013 at 3:55 PM

Hi, first thanks for the great work - I'm hoping it will save me a lot of effort. I do however have a problem.

Our SSO provider uses a claim for the username of ""

When configuring the SSO provider I've set up a claim mapping so that the nameidentifier is mapped to the standard upn claim:

$claimURI = ""
$map1 = New-SPClaimTypeMapping -IncomingClaimType $claimURI -IncomingClaimTypeDisplayName "SSO UPN Claim" -LocalClaimType ""

But I'm having problems with LDAPCP because it reports the following error:

Impossible to continue because identity claim "" is missing in the list of attributes to query. Please use method PopulateAttributesDefinition() to add it 

Looking at the code in LDAPCP.CS it appears that the PopulateActualAttributesList method captures claims provided by the provider into a collection, then searches that collection to make sure that the identity claim is there. Unfortunately the first loop will be looking at the unmapped claim type, which doesn't exist in the claim to LDAP mappings so is ignored, meaning that the check for the identity claim then fails



Jan 21, 2013 at 9:36 AM

hello Pete,

indeed it looks like a bug, I'll have a look at it and let you know quickly.




Jan 21, 2013 at 9:51 AM

Thanks Yvan