Create a text file called ClaimIssuanceRules.txt (the filename doesn't matter, just name it anything descriptive you like), the content of the files are as follows:
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass Through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> issue(claim = c);
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass Through Primary SID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
=> issue(claim = c);
@RuleTemplate = "MapClaims"
@RuleName = "Transform Windows Account Name to Name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType
= c.ValueType);
Then run the following PowerShell command
Add-ADFSRelyingPartyTrust -Name CRMTrust -MetadataUrl "https://YOURCRMServerURL/FederationMetadata/2007-06/FederationMetadata.xml" -IssuanceTransformRulesFile "C:\ClaimIssuanceRules.txt" -AutoUpdateEnabled:$true -MonitoringEnabled:$true
In the above command you need to change the name parameter to the Display name of the Relying Party Trust (this is the Display name you will see in ADFS interface). Change the Host of the MetadataUrl parameter to that of your CRM server. Change the -IssuanceTransformRulesFile
to the path of the file you created in the first step.
http://sherifelmetainy.blogspot.com/
