This project has moved and is read-only. For the latest updates, please go here.

Custom Claims support

Mar 17, 2015 at 6:11 AM
Basically I need to augment custom claims whose values I'll be getting by performing a REST call:
Something like

Does this implementation already facilitate something like this? Is it planned to?
Any suggestions?

I went through the code. If I simply implement FillClaimsForEntity in LDAPCP.cs, I would be able to add a few custom claims - whose values I'm hoping to fetch by a REST service call.
Mar 17, 2015 at 10:09 AM
if you are only interested in claims augmentation, I'm not sure LDAPCP will make things easier for you.
Yes, FillClaimsForEntity is the method you need to override, but you should do that in a class that inherits LDAPCP, so that you could easily apply updates made to LDAPCP.
Mar 17, 2015 at 11:48 AM
Thank you Yvand for the info.

Actually, we're looking for your solution augmented with custom claims functionality. We would now implement it on our own.
Mar 18, 2015 at 7:22 AM
Before I start; I should ask. Yvand, are there any plans of implementing augmentation? Or any chance of collaboration?
Mar 18, 2015 at 1:44 PM
no this is not planned.
As I mentionned, I strongly recommend that you import LDAPCP.dll in a new project, and implement FillClaimsForEntity in a new class that inherits LDAPCP, instead of editing LDAPCP class directly.
You can download "LDAPCP for" to find examples of this.
Mar 18, 2015 at 3:12 PM
For what it's worth, this would be beneficial to us as well. We've been successfully using LDAPCP for some time for resolution. Looking forward, as we plan for hybrid search with SharePoint Online and SharePoint 2013 on premise, I believe we will need to transition from sending role claims via ADFS at authentication time to using claims augmentation to fetch roles. This should allow SPO queries against on premise to properly determine access rights and security trim appropriately. Without this searching from SPO would only return on-prem results when the user was explicitly granted access--not via role claim.

At least that's my understanding of federated search; I haven't had time to test this yet.

Mar 25, 2015 at 1:20 PM
hello, thank you for your feedback, I'll take this into consideration, and I will update this thread if this gets finally implemented.