Use E-mail Address as the Name ID

To use E-mail Address as the Name ID:

  1. For Claim rule template, select Send LDAP Attributes as Claims, and then click Next.

    [Figure: SAML E-mail Attribute]

  2. Provide a Claim rule name (e.g., E-mail Attribute).
  3. For Attribute store, select Active Directory.
  4. Under Mapping of LDAP attributes to outgoing claim types, select E-mail-Addresses for LDAP Attribute and E-mail Address for Outgoing Claim Type.
  5. Click OK.

  6. Click Add Rule.
  7. For Claim rule template, select Transform an Incoming Claim, and then click Next.

    [Figure: SAML E-mail Address Attribute]

  8. Provide a Claim rule name (e.g., E-mail Address).
  9. Incoming claim type: select E-mail Address.
  10. Outgoing claim type: select Name ID.
  11. Outgoing name ID format: select Email.
  12. Select the Pass through all claim values radio button.
  13. Click OK.

After completing the above steps, change the following:

  1. Under Trust Relationships (left-hand side), select Relying Party Trusts, and then double-click the entry for the CSM Relying Party.
  2. Click the Advanced tab.
  3. Select the Secure Hash Algorithm specified on the SAML Settings - Service Provider page. SHA-1 and SHA-256 are supported. For details, refer to Configure CSM as a SAML Service Provider.
  4. Click OK.
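
To confirm that both procedures above took effect, you can inspect an assertion captured from your own test login. The following is an added example, not part of the original documentation: the helper name check_assertion and the sample assertion are constructed for illustration, and the script checks only the Name ID format and the signature method URI, not the signature itself.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# XML-DSig RSA signature method URIs for the two hash options named above.
SIG_METHOD = {"SHA-1": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
              "SHA-256": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}

def check_assertion(xml_text, expected_hash):
    """Return a list of mismatches; an empty list means the rules took effect.

    Inspects structure only: it does not verify the signature, and it should
    be fed only a capture from your own test login (ElementTree is not
    hardened against hostile XML).
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID: transform rule missing or mail attribute empty")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is %r, expected email" % name_id.get("Format"))
        if "@" not in (name_id.text or ""):
            problems.append("NameID value does not look like an e-mail address")
    method = root.find(".//ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("assertion carries no signature")
    elif method.get("Algorithm") != SIG_METHOD[expected_hash]:
        problems.append("signed with %s, expected %s" % (method.get("Algorithm"), expected_hash))
    return problems

# Constructed sample (trimmed; digest, signature value and conditions omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "SHA-256") or "OK")
```

Pass the hash name that is selected on the SAML Settings - Service Provider page as expected_hash; a mismatch reported here means the Advanced tab setting and the Service Provider setting disagree.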

© Copyright 2018 Cherwell Software, LLC. All rights reserved.