Calling a stored procedure in an ADFS claims rule

September 1, 2011

Once you have set up a SQL attribute store in ADFS, you need a claims rule that uses it before you can do anything with it, including testing it. The rule has to be a custom rule, because only a custom rule gives you access to the claims rule language, and the claims rule language is the only place an attribute store can be referenced.

The following TechNet entry is a good start, as it shows how to enter a SQL query and even a stored procedure.

SQL Query:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]

=> issue(store = "SQLClaims", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = "SELECT myID from employees where @myp={0}", param = c.Value);

Here "SQLClaims" is the name you gave the SQL attribute store when you added it, and @myp stands in for whichever column of employees holds the e-mail address; a real query names that column.

Stored Procedure:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]

=> issue(store = "SQLClaims", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = "EXEC dbo.test @myp={0}", param = c.Value);


Note that the placeholder {0} is not surrounded by single quotes. ADFS hands the value to SQL Server as a bound query parameter rather than pasting it into the statement text, so it must not be quoted like a string literal; that parameter binding is also what keeps a crafted claim value from being interpreted as SQL.

One may ask what gets passed in as the parameter. The incoming claim value, of course: in this case the e-mail address matched by the condition c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"], which param = c.Value binds to {0}.

One might also ask what happens if the query or stored procedure returns more than one row. The rule adds every returned value to the token, one claim per row, all of the claim type given in types.

One might also ask what happens if the query or stored procedure returns more than one column. The number of columns must match the number of claim types listed in types, each column being issued as a claim of the corresponding type. With a single type listed, as in the rules above, a second column is an error and token issuance fails as a whole.
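To make the two answers above concrete, here is an added T-SQL example (not part of the original post) of a stored procedure shaped to be called by the rule EXEC dbo.test @myp={0}. The procedure name dbo.test and its parameter @myp come from the rule; the table dbo.employees, its columns email and group_name, and the sample rows are assumptions constructed for the example.

```sql
-- Added example, not from the original post. Table, columns and rows are
-- constructed test data; only dbo.test and @myp come from the claims rule.
CREATE TABLE dbo.employees (
    myID       int           NOT NULL,
    email      nvarchar(256) NOT NULL,
    group_name nvarchar(128) NOT NULL
);
GO

INSERT INTO dbo.employees (myID, email, group_name) VALUES
    (1001, N'alice@example.com', N'Finance'),
    (1001, N'alice@example.com', N'Managers'),
    (1002, N'bob@example.com',   N'Engineering');
GO

-- One parameter, typed to match the column it is compared against.
-- AD FS binds the incoming claim value to @myp; nothing is spliced into SQL text.
CREATE PROCEDURE dbo.test
    @myp nvarchar(256)
AS
BEGIN
    -- Suppress "N rows affected" so only the result set goes back to AD FS.
    SET NOCOUNT ON;

    -- Exactly ONE column: the rule lists one claim type in `types`, so each
    -- returned row becomes one claim of that type. Two rows -> two claims.
    SELECT group_name
    FROM   dbo.employees
    WHERE  email = @myp;

    -- Returning a second column here, e.g. "SELECT group_name, myID ...",
    -- would fail the rule unless `types` also listed a second claim type.
END
GO

-- Exercise it the way AD FS will: a single bound parameter.
EXEC dbo.test @myp = N'alice@example.com';   -- two rows, so two claims issued
EXEC dbo.test @myp = N'nobody@example.com';  -- zero rows: no claims, no error
GO
```

Running the EXEC lines in SQL Server Management Studio or sqlcmd against the same database the attribute store connects to is a quick way to check the shape of the result set before wiring the rule into ADFS; anything other than a single result set with one column (for a one-entry types list) will not issue.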
