The Unspecified Name Identifier format is the default for a newly created WS Federation service provider, but this name identifier format does not work with the ADFS federation server. Additionally, some Group Claims (Adatum ClaimApp Claim and Adatum TokenApp Claim) must be satisfied to gain access to the SharePoint server.
On the WS Federation page, click the name of the TreyResearch service provider.
Click Attributes, then specify the following details:
|
Field |
Description |
|---|---|
|
Attribute set |
Select the WS Federation attribute set you created. |
|
Send with authentication |
Move the All Roles attribute to Send with authentication. |
Click Apply, then click Authentication Response.
Select E-mail for the Name Identifier Format.
Select LDAP Attribute:mail [LDAP Attribute Profile] as the value for the e-mail identifier.
Click OK > OK.
Update Identity Server.
Continue with Setting Up Roles for ClaimApp and TokenApp Claims.