Friday, September 23, 2011
Big news–Insight + Ensynch
As my colleague Rebecca Croft said:
We are very excited about the union of Insight and Ensynch and the benefits that it will bring to our clients. Both companies are focused on helping our clients find innovative, cost-effective solutions to address business needs. Bringing Ensynch into the Insight organization will offer clients more robust software services, particularly around Microsoft Enterprise Agreements, as well as improved services delivery, enhanced virtualization and cloud capabilities and a solution-focused approach to software sales. This acquisition will further simplify our clients’ ability to acquire, procure, implement and manage IT solutions across their technology environment.
For more information, read the press release here, visit www.insight.com or www.ensynch.com, or contact me with any questions.
Get 15% off of FIM Best Practices Volume 1
Through September 26th, get 15% off FIM Best Practices Volume 1 at lulu.com.
Use the following code at checkout: OKTOBERFEST305
Tuesday, September 6, 2011
Get 20% off FIM Best Practices Volume 1
Buy FIM Best Practices Volume 1 in soft cover or e-book.
Enter coupon code SEPTEMBER305 at checkout and receive 20% off your order. The maximum savings for this offer is $100. Offer expires on September 9 at 11:59 PM.
Thursday, September 1, 2011
Calling a stored procedure in an ADFS claims rule
After you have set up your SQL attribute store in ADFS, you must create a claims rule that makes use of it before you can use it or, for that matter, test it. To do this, create a claim using a custom rule, which allows you to employ the claims rule language.
The following TechNet entry is a good start, as it illustrates how to enter both a SQL query and a stored procedure.
SQL Query:
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
=> issue(store = "SQLClaims", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = "SELECT myID from employees where @myp={0}", param = c.Value);
Stored Procedure:
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
=> issue(store = "SQLClaims", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = "EXEC dbo.test @myp={0}", param = c.Value);
Note that the parameter {0} is not surrounded by single quotes: the claim value is passed to SQL Server as a query parameter, not pasted into the query text.
One may ask what gets passed in as the parameter. The incoming claim value, of course: in this case the email address, as selected by c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"].
One might also ask what happens if the query or stored procedure returns more than one value (that is, more than one row). Your claims transformation rule adds all the resulting values to the token as claims of the same type.
One might also ask what happens if the query or stored procedure returns more than one column. An error results and the whole process fails.
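To make the three answers above concrete, here is an added T-SQL example (not from the original post or from TechNet) of a stored procedure shaped the way the rule "EXEC dbo.test @myp={0}" expects. The table dbo.employees and its columns myID and email are assumptions, as is the sample data; the procedure name dbo.test and the parameter name @myp are taken from the rule on the page.

```sql
-- Added example: a stored procedure that fits the claims rule "EXEC dbo.test @myp={0}".
-- Table and column names (dbo.employees, myID, email) are assumed, not from the post.
CREATE TABLE dbo.employees (
    myID  nvarchar(64)  NOT NULL,
    email nvarchar(256) NOT NULL
);
GO

-- AD FS binds the incoming claim value to a real SQL parameter (which is why {0} carries
-- no quotes in the rule); here it arrives as @myp and is never spliced into SQL text.
CREATE PROCEDURE dbo.test
    @myp nvarchar(256)
AS
BEGIN
    SET NOCOUNT ON;
    -- Return exactly one column: every row becomes one claim of the type named in the rule.
    SELECT myID
    FROM dbo.employees
    WHERE email = @myp;
END
GO

-- Constructed sample data: one address maps to two IDs, so the rule will issue two claims.
INSERT INTO dbo.employees (myID, email) VALUES
    (N'E1001', N'alice@example.com'),
    (N'E1002', N'alice@example.com'),
    (N'E2001', N'bob@example.com');
GO

-- What AD FS effectively executes when the incoming emailaddress claim is alice@example.com:
EXEC dbo.test @myp = N'alice@example.com';
-- Two rows come back, so two claims of the requested type are added to the token.

-- The variant below would make the rule fail, because AD FS accepts only a single column:
-- SELECT myID, email FROM dbo.employees WHERE email = @myp;
```

Run the script against a test database as a privileged user, then run the EXEC line on its own as the ADFS service account to confirm it returns the single column before wiring the procedure into a claims rule; a procedure that works in Management Studio but not in ADFS usually points at the connection string or the service account's permissions rather than at the rule.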
Troubleshooting SQL Attribute Stores with ADFS
Several others have shown how to define SQL attribute stores with ADFS.
Note that when entering the connection string there is no validation or feedback to the administrator. If there is a problem, you usually won’t see it until you set up a claims rule that uses the store and get an error, so make certain to carefully build and test your connection string. Remember that if you use integrated authentication to connect to the SQL Server, the connection runs under the context of your ADFS service account, so you will need to grant that service account permissions on the SQL Server and the database.
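As an added example (not part of the original post), the following T-SQL grants the ADFS service account the least privilege it needs for an integrated-authentication attribute store, and then checks those grants from the SQL side before any claims rule is involved. The account name CONTOSO\svc_adfs, the database name ClaimsDB, the procedure dbo.test and the table dbo.employees are assumed placeholders.

```sql
-- Added example: least-privilege setup for the ADFS service account that a SQL
-- attribute store with integrated authentication will run as. All names are assumed.
USE master;
GO
-- One Windows login for the service account; no server role membership is required.
CREATE LOGIN [CONTOSO\svc_adfs] FROM WINDOWS;
GO

USE ClaimsDB;
GO
CREATE USER [CONTOSO\svc_adfs] FOR LOGIN [CONTOSO\svc_adfs];
GO
-- Grant only what the claims rules actually use: EXECUTE on the stored procedure and
-- SELECT on the table the ad hoc query reads. No db_owner or sysadmin membership.
GRANT EXECUTE ON OBJECT::dbo.test      TO [CONTOSO\svc_adfs];
GRANT SELECT  ON OBJECT::dbo.employees TO [CONTOSO\svc_adfs];
GO

-- Verify the grants by impersonating the login (the caller needs IMPERSONATE rights,
-- which a sysadmin has). Both columns should report 1; a 0 means the store will fail
-- at rule-evaluation time even though the connection string itself is fine.
EXECUTE AS LOGIN = 'CONTOSO\svc_adfs';
SELECT HAS_PERMS_BY_NAME('dbo.test',      'OBJECT', 'EXECUTE') AS can_exec_proc,
       HAS_PERMS_BY_NAME('dbo.employees', 'OBJECT', 'SELECT')  AS can_select_table;
REVERT;
GO
```

The permission check separates the two failure modes the post describes: a bad connection string surfaces as the POLICY3906 parse error below, while a correct connection string with a missing grant only fails once a claims rule runs and the query is denied.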
Troubleshooting
For example, you might get event 149:
During processing of the Federation Service configuration, the attribute store 'SQLClaims' could not be loaded.
Attribute store type: Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Sql.SqlAttributeStore, Microsoft.IdentityServer.ClaimsPolicy
User Action
If you are using a custom attribute store, verify that the custom attribute store is configured using AD FS 2.0 Management snap-in.
Additional Data
POLICY3906: Could not parse the parameter as a valid connection string.