Custom claim rules - adfs

i'm new to ADFS claim rules and struggling with a custom rule.
What i want to do is filter groups based on group names, and then return the matched groups as SIDs. I also want to return UPN, Email, Surname, GivenName and WindowsAccountName along with these, but the filtered groups are most important.
I've tried this with no success:
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "(?i).+(Test|Test2).+"]
=> issue(Type = "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid");
Can anyone help me creating this rule or point me in the right direction? I would also appreciate an explanation of the rule if you bother.

You first need a rule to create the groups.
So in the wizard, set an LDAP rule.
On the LHS, choose, "Token-Groups - Unqualified Names".
On the RHS, choose "http://schemas.xmlsoap.org/claims/Group".
You now have something to run the regex on.
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "(?i).+(Test|Test2).+"]
=> issue(Type = "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value=c.value);
What the rule says is take all claims of type "http://schemas.xmlsoap.org/claims/Group", run the regex, if true, create a groupsid claim with the value of the Group claim.
Note that if more than one group matches the regex, you will get multiple claims of type groupsid.
Also, look here for reference.

This gives the user params i want, filters groups based on names, and returns groups as both unqualified names and SIDs
Get groups:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";tokenGroups;{0}", param = c.Value);
Filter and issue groups:
c1:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "INSERT-REGEX-HERE"]
&& c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", "http://schemas.xmlsoap.org/claims/Group"), query = "(&(name={0}));objectSid,name;{1}", param = c1.Value, param = c2.Value);
Issue user params:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"), query = ";givenName,sn,mail,userPrincipalName,sAMAccountName;{0}", param = c.Value);

Related

ADFS claims rule iterate AD attribute

How do I iterate an AD attribute as a claims rule in ADFS?
More specifically, I'd like to check whether the user's proxyAddresses contains a predetermined domain, and if so, return that email as Name ID, else the the user's main email.
You would use regex on the claims rule to check for the domain and if there, issue the NameID claim.
Then use a "NOT EXISTS" rule.
So something like:
NOT EXISTS([Type == "http://contoso.com/NAMID"])
=> add(Type = "http://contoso.com/hasNAMEID", Value = "No");
Sample Rule 2:
c1:[Type == "http://contoso.com/hasNameID"] &&
c2:[Type == "http://contoso.com/email"]
=> issue(Type="http://contoso.com/email", Value=c2.value);
Using the normal email claim type etc.
And about 10 minutes after writing this, I found this example that shows the solution in more detail.
I played around a bit yesterday, and ended up with the following, which seems to work, but perhaps not the cleanest way?
Rule #1:
Regular attribute claim for Proxy-Addresses and User-Principal-Name
Rule #2:
c:[Type == "fake/proxyAddresses", Value =~ "subdomain.example.com$"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Value = RegExReplace(c.Value, "smtp:", ""));
Rule #3:
NOT EXISTS([Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"])
=> add(Type = "fake/UseUPN", Value = "Yes");
Rule #4:
c1:[Type == "fake/UseUPN"]
&& c2:[Type == "fake/UPN"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Value = c2.Value);

How to get count of certain record saved in Uppercase, lower or a combination using LINQ query

I need to get the count of IN / in / In from SoccerStatus regardless if the records are saved in upper case, lower case or a combination of both ie IN or in or In from SQLite database in Xamarin Forms. How can I achieve that ?
var count_in = (from x in conn.Table<SoccerAvailability>().Where(x => x.SoccerStatus == IN) select x).Count();
Use string.Equals and tell it to ignore case...
var count_in = (from x in conn.Table<SoccerAvailability>().Where(x => string.Equals(x.SoccerStatus, "IN", StringComparison.OrdinalIgnoreCase)) select x).Count();
EDIT: Per your comment I see that the Linq provider you're using doesn't support string.Equals. You can try the following which should be more portable but possibly a bit slower...
var count_in = (from x in conn.Table<SoccerAvailability>().Where(x => x.SoccerStatus.ToUpper() == "IN") select x).Count();

Database returns 0 instead of selected value in ASP.NET MVC

I would like to retrieve the userInfoId from the database and pass it into var where the Login username is Kenny. However, the value returned to u was 0 instead of the desired value. I have tried selecting another username but the result was still the same.
var u = Database.UserInfo
.Where(userinfo => userinfo.LoginUserName == "BEN")
.Select(x=> x.UserInfoId)
.FirstOrDefault();
Put some breakpoints and see what you have inside u, Use the query below and you should be good to go. Make sure the table/column names are correct according to your db.
int userInfoId = (from x in context.UserInfo
where x.LoginUserName == "Kenny"
select x.UserInfoId).SingleOrDefault());
if (userInfoId > 0){
// user exists and do what you wish to next
}
else {
// user does not exist
}

Retrieve Card Detail from Stripe Customer Id

Hi I am using stripe process for an payment and I am generating Stripe customer Id as from below code.
StripeCustomerId = CreateStripeCustomer(fname, lname, Email, objStripeRequestOptions);
Also
IEnumerable<StripeCard> AllStripeCardResponse = cardService.List(StripeCustomerId);
string strLast4 = CardNumber.Replace(" ", "").Substring(CardNumber.Replace(" ", "").Length - 4);
dynamic ExistingCard = (from x in AllStripeCardResponse where x.Last4 == strLast4 & x.ExpirationMonth == Convert.ToInt32(Month.Trim()) & x.ExpirationYear == Convert.ToInt32(Year.Trim()) select x).ToList();
it is giving existing card as 0
Can any one let me know how can I fetch Card Detail like card number, Name, Exp Month Year from Generated Stripe Customer Id?
You can't retrieve whole card info.
You can get some info from the source object which is present in the customer API.
Retrieving the source will provide you last 4 digit of card number and expiry date.
StripeConfiguration.SetApiKey("sk_test_BQokikJOvBiI2HlWgH4ol‌fQ2");
StripeConfiguration.SetApiKey("sk_test_BQokikJOvBiI2HlWgH4ol‌​fQ2");
var customerService = new StripeCustomerService();
StripeCustomer customer = customerService.Get("cus_BwS21a7fAH22uk");
, in response of customer you will have source attribute. please see the JSON response returned. it contains source list(lists of cards added.)
you will get sample object similar to this , here you can see last 4 digit of card is returned as object in my case it is 1111
#<Stripe::ListObject:0x5ea1a78> JSON: {
"object": "list",
"data": [
{"id":"card_1BY6nrCaMyPmWTcG3uosK2up","object":"card","address_city":null,"address_country":null,"address_line1":null,"address_line1_check":null,"address_line2":null,"address_state":null,"address_zip":null,"address_zip_check":null,"brand":"Visa","country":"US","customer":"cus_BvylB8PAVap2JQ","cvc_check":"pass","dynamic_last4":null,"exp_month":12,"exp_year":2017,"fingerprint":"yE1mPcIGvqTYGcxQ","funding":"unknown","last4":"1111","metadata":{},"name":null,"tokenization_method":null}
],
"has_more": false,
"total_count": 1,
"url": "/v1/customers/cus_BvylB8PAVap2JQ/sources"
}
Also See Below
var stripecard = "cus_BwS21a7fAH22uk";
StripeCustomer customer;
StripeConfiguration.SetApiKey(ConfigurationManager.AppSettings["StripeApiKey"].ToString());
var customerService = new StripeCustomerService();
customer = customerService.Get(stripecard);
ViewBag.last4card = customer.Sources.Data[0].Card.Last4.ToString();
ViewBag.ExpMonth = customer.Sources.Data[0].Card.ExpirationMonth.ToString();
ViewBag.ExpYear = customer.Sources.Data[0].Card.ExpirationYear.ToString();
ViewBag.Name = customer.Sources.Data[0].Card.Name.ToString();

Crossfilter grouping filtered keys

I have some json, for examle:
data = {
"name":"Bob","age":"20",
"name":"Jo","age":"21",
"name":"Jo","age":"22",
"name":"Nick","age":"23"
}
Next, I use crossfilter, create dimension and filter it:
let ndx = crossfilter(data);
let dim = ndx.dimension(d => d.name).filter(d !== "Jo");
//try to get filtered values
let filtered = dim.top(Infinity); // -> return 2 values where 'name'!='Jo'
//"name":"Bob","age":"20"
//"name":"Nick","age":"23"
let myGroup = dim.group(d => {
if(d === 'Jo') {
//Why we come here? This values must be filtered already
}
})
How can I filter my dimension and don't have these values on 'dim.group'?
Not sure what version you are using, but in the current version of Crossfilter, when a new group is created all records are first added to the group and then filtered records are removed. So the group accessor will be run at least once for all records.
Why do we do this? Because for certain types of grouping logic, it is important for the group to "see" a full picture of all records that are in scope.
It is possible that the group accessor is run over all records (even filtered ones) anyway in order to build the group index, but I don't remember.

Resources