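@RuleTemplate = "LdapClaims"
@RuleName = "AD attributen"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("urn:mace:dir:attribute-def:uid",
                   "urn:mace:dir:attribute-def:displayName",
                   "urn:mace:dir:attribute-def:mail",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "urn:mace:dir:attribute-def:employeeNumber"),
          query = ";sAMAccountName,displayName,mail,userPrincipalName,employeeNumber;{0}",
          param = c.Value);

@RuleTemplate = "EmitGroupClaims"
@RuleName = "schacHomeOrganization"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
   Value == "S-1-5-21-940114010-4055878564-832165062-513",
   Issuer == "AD AUTHORITY"]
 => issue(Type = "urn:mace:terena.org:attribute-def:schacHomeOrganization",
          Value = "hartingcollege.nl",
          Issuer = c.Issuer,
          OriginalIssuer = c.OriginalIssuer,
          ValueType = c.ValueType);

@RuleTemplate = "EmitGroupClaims"
@RuleName = "eduPersonAffiliation (employee)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
   Value == "S-1-5-21-940114010-4055878564-832165062-3601",
   Issuer == "AD AUTHORITY"]
 => issue(Type = "urn:mace:dir:attribute-def:eduPersonAffiliation",
          Value = "employee",
          Issuer = c.Issuer,
          OriginalIssuer = c.OriginalIssuer,
          ValueType = c.ValueType);

@RuleTemplate = "EmitGroupClaims"
@RuleName = "eduPersonAffiliation (student)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
   Value == "S-1-5-21-940114010-4055878564-832165062-3602",
   Issuer == "AD AUTHORITY"]
 => issue(Type = "urn:mace:dir:attribute-def:eduPersonAffiliation",
          Value = "student",
          Issuer = c.Issuer,
          OriginalIssuer = c.OriginalIssuer,
          ValueType = c.ValueType);

@RuleTemplate = "EmitGroupClaims"
@RuleName = "eduPersonEntitlement (SURFdrive)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
   Value == "S-1-5-21-940114010-4055878564-832165062-513",
   Issuer == "AD AUTHORITY"]
 => issue(Type = "urn:mace:dir:attribute-def:eduPersonEntitlement",
          Value = "urn:x-surfnet:surf.nl:surfdrive:quota:100",
          Issuer = c.Issuer,
          OriginalIssuer = c.OriginalIssuer,
          ValueType = c.ValueType);

@RuleName = "schacPersonalUniqueCode"
c:[Type == "urn:mace:dir:attribute-def:employeeNumber"]
 => issue(Type = "urn:schac:attribute-def:schacPersonalUniqueCode",
          Value = "urn:schac:personalUniqueCode:nl:local:hartingcollege.nl:employeeid:" + c.Value);

@RuleName = "ImmutableID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/claims/UPN",
                   "http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID"),
          query = "samAccountName={0};userPrincipalName,objectGUID;{1}",
          param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"),
          param = c.Value);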