For reference, this is the default claims set from AAD:
Claims from ClaimsIdentity
| Claim Type | Claim Value |
|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | QY7TN_h.....vFbw9IKD-nY |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | joe.bloggs@company.com |
| http://schemas.microsoft.com/identity/claims/tenantid | 4ef13bb.....a8291aeded |
| http://schemas.microsoft.com/identity/claims/objectidentifier | 8f803ba.........63-eacba54 |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | joe.bloggs@company.com |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | joe |
| http://schemas.microsoft.com/identity/claims/displayname | joe bloggs |
| http://schemas.microsoft.com/identity/claims/identityprovider | https://sts.windows.net/4e.....df-ad5a8d/ |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent | Mozilla/5.0 (Windows NT 6.3; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0 |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path | /adfs/ls/ |
| http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork | true |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id | 0000.....0-0080e7 |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid | https://my-pc/WebApp-ADFS-DotNet/ |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip | 111.11.111.111 |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod | http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant | 2015-12-13T19:12:58.920Z |
Sadly, there is no way currently to alter this default set other than to use Microsoft Graph to get the claims yourself.
Note that because AAD is built on a Graph platform, a lot of the values are actually GUID's.
Enjoy!
No comments:
Post a Comment