000011988 - FIM - Unable to federate to SharePoint with ADFS and RSA FIM

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000011988
Applies To: RSA Federated Identity Manager (FIM) 4.1
Issue

Unable to federate to SharePoint with ADFS and RSA


The user is unable to federate to Microsoft SharePoint with ADFS and RSA FIM acting as the IDP.
Error when accessing SharePoint
Cause

SharePoint was expecting an "AD FS 1.x E-Mail Address" claim. RSA FIM was sending the email address claim as "E-Mail Address" and not as "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", which is what ADFS was expecting.

Resolution

Create a custom claim rule on the claims provider (CP) trust rules to transform "E-Mail Address" to "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", and a transform rule to change the ADFS email address into "AD FS 1.x E-Mail Address", in case we needed to use the default email claim for another RP.
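
The two rules described in the Resolution, written out as an added PowerShell example (not taken from the original article or from RSA). The trust names `RSA FIM` and `SharePoint` are placeholders, and placing the second rule on the SharePoint relying party trust is an assumption. `http://schemas.xmlsoap.org/claims/EmailAddress` is the claim type behind the "AD FS 1.x E-Mail Address" display name.

```powershell
# Added example. Trust names are placeholders: use the names shown in AD FS Management.
$cpName = 'RSA FIM'      # claims provider trust for the RSA FIM IdP (placeholder)
$rpName = 'SharePoint'   # relying party trust for SharePoint (placeholder)

$emailUri  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$adfs1xUri = 'http://schemas.xmlsoap.org/claims/EmailAddress'   # "AD FS 1.x E-Mail Address"

# Rule 1 (claims provider trust): re-issue the incoming "E-Mail Address" claim
# under the standard e-mail claim type, keeping issuer and value unchanged.
$cpRule = @"
@RuleName = "Transform RSA FIM E-Mail Address to emailaddress"
c:[Type == "E-Mail Address"]
 => issue(Type = "$emailUri", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
"@

# Rule 2 (relying party trust, assumed to be the SharePoint RP): re-issue the
# standard e-mail claim as the AD FS 1.x type only for this RP, so other RPs
# still receive the default e-mail claim.
$rpRule = @"
@RuleName = "Transform emailaddress to AD FS 1.x E-Mail Address"
c:[Type == "$emailUri"]
 => issue(Type = "$adfs1xUri", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
"@

# The Set-Adfs*Trust cmdlets replace the whole rule set, so append to what exists.
$cp = Get-AdfsClaimsProviderTrust -Name $cpName
Set-AdfsClaimsProviderTrust -TargetName $cpName `
    -AcceptanceTransformRules ($cp.AcceptanceTransformRules + "`n" + $cpRule)

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules ($rp.IssuanceTransformRules + "`n" + $rpRule)

# Confirm both rule sets now contain the new rules.
(Get-AdfsClaimsProviderTrust -Name $cpName).AcceptanceTransformRules
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

Run this on the AD FS server in an elevated PowerShell session, then retry the SharePoint sign-in.
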
Legacy Article ID: a59298
