Configuring ADFS to send claims using custom rules

Open up the ADFS console.

Click trust relationships and then right-click relying party trust > Add Relying Party Trust as shown in the following image:

Open the Jive URL in a new tab and add saml/metadata to the end. For example:

https://giljive.eng.jiveland.com:8443/saml/metadata

If the file is not automatically downloaded as XML, download and rename it with a .xml extension.

In the ADFS Console, click Select Data Source > Import data about the relying third party from a file, as shown in the following image:

Type or browse to the Federation metadata file location, and then click Next.

Click Specify Display Name and enter the display name.

Click Configure Multi-factor > I do not want to configure multi-factor, then click Next.

Select Permit all users to access this relying third party, then click Next.

In the Ready to Add Trust step, click Next.

In the Finish step, select the Open the Edit Claims Rule dialog for this relying party trust when this wizard closes option.

When the Edit Claims Rules for Jive SSO Integration dialog box opens, click Add Rule, as shown in the following image:

In the Choose Rule Type step, select Send LDAP Attribute as Claims, then click Next.

In the Configure Claim Rule step, type the Claim rule name, select Active Directory, and then select or type the following information in the table exactly as it appears below for Mapping of LDAP attributes to outgoing claim types:

LDAP Attribute	Outgoing Claim Type
ObjectGUID	Name ID Note: There is a space after Name.
Given-Name	Given Name
Surname	Surname
E-Mail-Addresses	E-Mail Address

Click Finish.

Once again, use the Edit Claims Rules for Jive SSO Integration dialog box to add a new rule by clicking Add Rule.

In the Choose Rule Type step, select Send Claims Using a Custom Rule, then click Next.

Type in the following text in the Custom Rule text box, at the same time customizing the settings for your environment:

adfs3: Your ADFS server name.
iqc01.com: The correct domain.
ADFSClaimsID: The value you have entered as the Claims ID value in the SAML in the Jive Admin Console.
The transformation rule has four parts:
- Type == "…": The source of information defined as schema URL.
  For e-mail address:
```
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
```
  For User Principle Name (UPN):
```
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
```
- Type = "ADFSClaimsID": The name of the attribute ADFS sends to Jive on successful login. ADFSClaimsID is the name of the user mapping field to set in Jive’s SAML Admin Console. ADFS and Jive must match.
- Value = "i:05.t|adfs3.mydomain.com|" + c.Value: The Claims ID realized by SharePoint for user identification.
- ValueType = c.ValueType: The type is not used actively; it is a text field in Jive user profile. You can leave as is.
For more information on Claim Types, see ClaimTypes Members on Microsoft portal at https://docs.microsoft.com/en-us/previous-versions/windows-identity-foundation/ee727097(v=msdn.10).
Transformation Rules Examples
- E-mail-based ClaimsID
```
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] => issue(Type = "ADFSClaimsID", Value = "i:05.t|adfs3.mydomain.com|" + 
                                                        c.Value, ValueType = c.ValueType);
```
  Result: i:05.t|adfs3.mydomain.com|user@mydomain.com
- Classic NTLM ClaimsID
```
c:[Type == " http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"] => issue(Type = "ADFSClaimsID", Value = " i:0#.w|mydomain\" + 
                                                        c.Value, ValueType = c.ValueType);
```
  Result: i:0#.w|mydomain\user1
  
  Customize these rules per customer to match the right Claims ID supported by the customer's SharePoint environment. The Claims ID can change from the examples above, except for the classic NTLM Claims ID that is standard when using NTLM authentication.
  
  You can check the User Diagnostic script to verify that Claims ID is supported by SharePoint.

Click OK, and then click Finish.