ClassLink Support Docs

ClassLink Support Documentation

Welcome to the ClassLink Support Docs page. You'll find comprehensive guides and documentation to help you start working with ClassLink as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Search results for "{{ search.query }}"

No results found for "{{search.query}}". 
View All Results

Set Up Claims Rules

From the AD FS manager, right-click on your new Relying Party Trust and select Edit Claim Rules...

In the Edit Claim Rules window, click Add Rule...

Rule 1. Send Claims Using a Custom Rule

  1. Chose the appropriate Rule Template
  1. Name the Claim Rule 'nameidgenerator'
  2. Paste the follow text into the Custom Rule box

c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
&& c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"]
=> add(store = "_OpaqueIdStore", types = ("http://mycompany/internal/sessionid"), query = "{0};{1};{2};{3};{4}", param = "useEntropy", param = c1.Value, param = c1.OriginalIssuer, param = "", param = c2.Value);

  1. Click Finish and add another Rule.

Rule 2. Transform an Incoming Claim

  1. Select appropriate Rule Template and click Next
  1. Claim rule name: 'nameidtransform'
  2. Incoming claim type: manually type the following URL: http://mycompany/internal/sessionid
  3. Outgoing claim type: Name ID
  4. Outgoing name ID format: Transient Identifier
  5. Select Pass through all claim values.
  1. Click Finish and add a third rule.

Rule 3. Send LDAP Attributes as Claims

  1. Select appropriate template and click Next.
  1. Claim rule name: Data
  2. Attribute store: Active Directory
  3. Map the LDAP attributes as show below:

NOTE

The distinguishedname LDAP Attribute and the Distinguished Name Outgoing Claim Type must be typed manually and are case sensitive.

  1. Click Finish

Next: Authentication Policies

Set Up Claims Rules