Private/Get-ADFSTkTransformRule.ps1
|
function Get-ADFSTkTransformRule { param ( $Type, $Oid, $AttributeName, $AttributeGroup ) $currentAttribute = $Settings.configuration.storeConfig.attributes.attribute | ? type -eq $Type if ($currentAttribute -is [System.Array]) { Write-ADFSTkLog (Get-ADFSTkLanguageText rulesTypeConfiguredMoreThanonce -f $Type, $currentAttribute.count, $Global:CurrentInstitutionConfig) -MajorFault } if ($currentAttribute.store -eq "Static") { $rule = "" $currentAttribute.value | % { $rule += @" @RuleName = "Send static $AttributeName = $_" c:[] => issue(Type = "$Oid", Value = "$_", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ } $transformRule = [PSCustomObject]@{ Rule=$rule Attribute="" AttributeGroup=$AttributeGroup } } else { if ($currentAttribute -ne $null -and $currentAttribute.HasAttribute('useGroups') -and $currentAttribute.useGroups.ToLower() -eq 'true' -and $currentAttribute.HasAttribute('claimOrigin') ) { $useAttributeGroup = $true } else { $useAttributeGroup = $false } if ($useAttributeGroup) { # Claim origin is not consistent or may want to be flexible here: # "http://schemas.xmlsoap.org/claims/Group" was the old one, but we want what the config says it is. $groupClaimOrigin=$currentAttribute.claimOrigin $rules = "" foreach ($group in $currentAttribute.group) { $rules += @" @RuleName = "Transform $AttributeName from group $($group.name)" c:[Type == "$($groupClaimOrigin)", value == "$($group.name)"] => issue(Type = "$Oid", Value = "$($group.value)", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ } $transformRule = [PSCustomObject]@{ Rule=$rules Attribute="$($groupClaimOrigin)" AttributeGroup=$AttributeGroup } } else { if ($currentAttribute.restrictedvalue.count -gt 0) { $rules = "" foreach ($restrictedvalue in $currentAttribute.restrictedvalue) { $rules += @" @RuleName = "Transform $($currentAttribute.name) = $restrictedvalue" c:[Type == "$Type", value == "$restrictedvalue"] => issue(Type = "$Oid", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ } $transformRule = [PSCustomObject]@{ Rule=$rules Attribute="$Type" AttributeGroup=$AttributeGroup } } else { $transformRule = [PSCustomObject]@{ Rule=@" @RuleName = "Transform $AttributeName" c:[Type == "$Type"] => issue(Type = "$Oid", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="$Type" AttributeGroup=$AttributeGroup } } } } return $transformRule } |