send NameID claim without encryption in ADFS 2.0

We had a customer with an issue connecting to our web application. We wanted to disable encryption to help debug what we were receiving. These are the steps they used to disable encryption on their ADFS 2.0 server:

  • Click Start
  • Click Administrative Tools
  • Click Windows PowerShell Modules
  • Then, at the Windows PowerShell command prompt, type the following:

    Set-ADFSRelyingPartyTrust -TargetName "target" -EncryptClaims $False


The way I've solved this goes like this:

  1. Create a rule that extracts the UPN from AD
  2. Create a transform rule that transforms the Incoming claim type: UPN to the Outgoing claim type: Name ID and choose the transient nameid-format from the 'Outgoing Name ID Format' dropdown

This causes AD to send the NameID in the format required:
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">Joe</NameID>

(I'll leave this question 'unanswered' for a while in case someone has a better solution.)
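Both answers above as one script, added here as an example and not taken from either post: it assumes the ADFS 2.0 snap-in and a relying party trust whose display name is "target" (the placeholder used above), and expresses the two claim rules in ADFS claim rule language instead of through the wizard.

```powershell
# Added example, not from the original posts. Assumes ADFS 2.0 and a
# relying party trust displayed as "target" (placeholder from the answer above).
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$rpName = "target"

# Rule 1: look up userPrincipalName in Active Directory for the logged-on user.
# Rule 2: map the UPN claim onto NameID, tagging it with the SAML 2.0
#         transient nameid-format so the assertion carries
#         <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">...</NameID>
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Extract UPN from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "UPN to transient NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
'@

# Replace the trust's issuance transform rules with the two rules above.
Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Switch claim encryption off only while you need to read the raw assertion
# on the relying party side; flip it back with -EncryptClaims $True afterwards.
Set-ADFSRelyingPartyTrust -TargetName $rpName -EncryptClaims $False

# Confirm what the trust now looks like before testing a login.
Get-ADFSRelyingPartyTrust -Name $rpName |
    Select-Object Name, EncryptClaims, IssuanceTransformRules
```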