Use E-mail Address as the Name ID
To use E-mail Address as the Name ID:
- For Claim rule template, select Send LDAP Attributes as Claims, and then click Next.
- Provide a Claim rule name (ex: E-mail Attribute).
- For Attribute store, select Active Directory.
- Under Mapping of LDAP attributes to outgoing claim types, select E-mail-Addresses for LDAP Attribute and E-mail Address for Outgoing Claim Type.
- Click OK.
- Click Add Rule.
- For Claim rule template, select Transform an Incoming Claim, and then click Next.
- Provide a Claim rule name (ex: E-mail Address).
- Incoming claim type: select E-mail Address.
- Outgoing claim type: select Name ID.
- Outgoing name ID format: select Email.
- Select the Pass through all claim values radio button.
- Click OK.
After completing the above steps, change the following:
- Under Trust Relationships (left-hand side), select Relying Party Trusts, and then double-click the entry for the CSM Relying Party.
- Click the Advanced tab.
- Select the Secure Hash Algorithm specified on the SAML Settings - Service Provider page. SHA-1 and SHA-256 are supported. For details, refer to Configure CSM as a SAML Service Provider.
- Click OK.
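
The two claim rules and the hash algorithm setting above can also be applied and read back with the AD FS PowerShell cmdlets. This is an added example, not part of the original documentation; the trust name `CSM Relying Party` is a placeholder, and SHA-256 is assumed to be the algorithm selected on the SAML Settings - Service Provider page.

```powershell
# Added example. Run in an elevated session on the AD FS server.
# Placeholder: replace with the display name of your CSM relying party trust.
$rpName = 'CSM Relying Party'

# Rule 1 = "Send LDAP Attributes as Claims": E-mail-Addresses (LDAP "mail") -> E-mail Address.
# Rule 2 = "Transform an Incoming Claim": E-mail Address -> Name ID, format Email,
#          passing through all claim values.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "E-mail Attribute"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-mail Address"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Signature algorithm URIs accepted by AD FS for the two supported hashes.
$sha256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
$sha1   = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

# Assumption: the CSM side is set to SHA-256. Use $sha1 only if CSM is set to SHA-1.
$expected = $sha256

# Note: -IssuanceTransformRules replaces the trust's whole existing rule set.
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules $rules `
    -SignatureAlgorithm $expected

# Read the trust back and confirm what AD FS will actually use.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if ($rp.SignatureAlgorithm -ne $expected) {
    throw "Signature algorithm mismatch: $($rp.SignatureAlgorithm)"
}
if ($rp.IssuanceTransformRules -notmatch 'nameid-format:emailAddress') {
    throw 'Name ID rule with Email format is missing from the trust.'
}
$rp | Select-Object Name, SignatureAlgorithm
```

A mismatch between this algorithm and the one configured in CSM causes signature validation of the SAML response to fail, so the read-back check is worth keeping in any deployment script.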