Relying Party Rules
Backup Default Office 365 Rules
Before editing any of the claims rules for the 'Microsoft Office 365 Identify Platform' relying party entry make sure to backup the existing claims rules. These rules are note easy to regenerate.
Backing Up Claims Rules
Select the claim rule and click the 'Edit Rule...' button. Copy all of the claims rule language to a text file. Repeat this step for each of the rules. Make sure to keep all of the rules in order. Make sure to save the built text file to a safe location.
Edit Microsoft Office 365 Identity Platform Claims Rules
Click 'Edit Claims Rules...' for the 'Microsoft Office 365 Identity Platform' replying party entry. Frist delete all of the existing rules. Then start adding the rules with the 'Add Rule...' button.
Add Pass Through of UPN Claim
Add a rule to allow the UPN claim to pass through. Below is the generated claim rule language code by this rule.
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> issue(claim = c);Add Pass Through of Source user ID Claim
Add a rule to allow the Source user ID claim to pass through. Below is the generated claim rule language code by this rule.
c:[Type == "http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID"]
=> issue(claim = c);Overwrite Name ID with Source user ID Claim
Office 365 expects the Name ID claim to contain the Source user ID value. This rule copies the Source user ID in to the Name ID claim. Below is the generated claim rule language code by this rule.
c:[Type == "http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");