A single claim is required. Multiple claims may be configured, but it is recommended that you use only the single claim that is most appropriate for the environment. In the Claim Rule, LDAP attributes are mapped to outgoing claim types. The LoadMaster supports:

  • The User-Principal-Name, which maps to the UPN outgoing claim type
  • The SAM-Account-Name (the standard Windows samAccountName attribute, from an LDAP perspective), which maps to the Windows account name outgoing claim type
  • The User-Principal-Name, which maps to the Name ID outgoing claim type
Note: The User-Principal-Name mapping is important because without it, no session index is included in the SAML response. The session index is needed to correlate an existing session with a log out operation.

To add the Claim Rule, follow the steps below:

  1. Select the Relying Party Trusts folder.
  2. Right-click the relevant Display Name and select Edit Claim Rules.
  3. Edit the relevant rule.
  4. Add the attribute mappings.
  5. Ensure that all users are permitted access by selecting the Issuance Authorization Rules tab.
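The same configuration expressed in AD FS claim rule language and applied with the AD FS PowerShell module, as an added example rather than text from the LoadMaster documentation: it issues the single recommended mapping (User-Principal-Name to Name ID) and the permit-all authorization rule from step 5. The relying party trust name is a placeholder; the rule names are assumptions.

```powershell
# Added example, not from the LoadMaster or AD FS documentation. Run on the
# AD FS server with AD FS administrator rights. Replace the placeholder below
# with the Display Name of the Relying Party Trust created for the LoadMaster.
$rpName = "<RelyingPartyTrustName>"   # placeholder

# Issuance transform rule: one LDAP attribute mapped to one outgoing claim type.
# userPrincipalName is issued as Name ID; without this mapping the SAML
# response carries no session index, so logout cannot be correlated to the
# existing session. The rule name is an assumed label.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "LoadMaster: UPN to Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";userPrincipalName;{0}", param = c.Value);
'@
# If the other two mappings the LoadMaster supports are also wanted, extend the
# lists in parallel (the n-th LDAP attribute in the query feeds the n-th type):
#   types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
#            "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
#            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")
#   query = ";userPrincipalName,sAMAccountName,userPrincipalName;{0}"

# Issuance authorization rule: permit access to all users (step 5 above).
$authRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Apply both rule sets to the trust, then read back what was stored to
# confirm the mapping and the permit rule are the ones intended.
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authRules

$trust = Get-AdfsRelyingPartyTrust -Name $rpName
$trust.IssuanceTransformRules
$trust.IssuanceAuthorizationRules
```

Reading the rules back after applying them is the check worth keeping: a trust with no permit rule, or with the Name ID mapping missing, fails in exactly the ways the note above describes.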