Active Directory - ADFS not issuing claims from custom attribute stores to some users


I'm trying to work out why some of our users aren't issued claims from our custom attribute stores.

Our main attribute store for authentication is Active Directory, and we are using 2 custom attribute stores to issue several custom claims to users and to perform logging of the claims issued. When an affected user logs in, they are authenticated by AD but have no more claims added. According to the logging in our attribute stores, BeginExecuteQuery is never called.

I can't see a link between the affected users, but they seem to be new users, or users who have not logged in to the system in a long time. Restarting ADFS can clear the problem, but whether or not it does seems random.

I'm trying to understand why the attribute store is ignored by ADFS on logon for some users, when it works fine for others. If there is a quick, guaranteed temporary fix to get users' claims issued correctly, that would be useful too!

For security reasons, I don't have access to ADFS debug tracing.

This was solved after a long string of calls with Microsoft's AD FS support team. The problem was traced to a piece of our claims rule language using the lastLogon and lastLogonTimestamp AD attributes without understanding how they behaved. This meant that for some users the condition to grant the custom claims was never met.
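An added example, not part of the original post: a Python model of how a freshness condition on these two attributes evaluates against each domain controller's copy of a user. The post does not show the actual claim rule, so `recent_logon`, the 7-day window, the DC names and the sample users are assumptions; the example relies on documented AD behaviour (both values are FILETIME ticks, lastLogon is not replicated between domain controllers, and lastLogonTimestamp is replicated but by default only refreshed once it is roughly 9 to 14 days old).

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(value):
    """Decode an AD FILETIME (100-ns ticks since 1601-01-01 UTC); 0 or missing means never set."""
    if not value:
        return None
    return EPOCH_1601 + timedelta(microseconds=value // 10)

def dt_to_filetime(dt):
    """Encode a timezone-aware datetime as FILETIME ticks (whole seconds only)."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def recent_logon(value, now, max_age_days):
    """Hypothetical rule condition: the attribute is set and newer than max_age_days."""
    seen = filetime_to_dt(value)
    return seen is not None and now - seen <= timedelta(days=max_age_days)

def evaluate(user, now, max_age_days=7):
    """Evaluate the condition for both attributes on every DC's copy of the user."""
    return {
        dc: {attr: recent_logon(attrs.get(attr), now, max_age_days)
             for attr in ("lastLogon", "lastLogonTimestamp")}
        for dc, attrs in user.items()
    }

NOW = datetime(2024, 6, 15, 12, 0, tzinfo=timezone.utc)  # constructed "current time"

def ago(days):
    return dt_to_filetime(NOW - timedelta(days=days))

# Constructed sample data: per-DC attribute values for two users.
USERS = {
    # New account that has never logged on: nothing is set on any DC.
    "new.user": {"DC1": {"lastLogon": 0}, "DC2": {"lastLogon": 0}},
    # Logs on daily, always against DC2. lastLogon exists only on DC2;
    # lastLogonTimestamp is identical everywhere but was last refreshed 10 days ago.
    "daily.user": {
        "DC1": {"lastLogon": 0, "lastLogonTimestamp": ago(10)},
        "DC2": {"lastLogon": ago(0), "lastLogonTimestamp": ago(10)},
    },
}

if __name__ == "__main__":
    for name, user in USERS.items():
        for dc, result in evaluate(user, NOW).items():
            print(f"{name:12} {dc}: {result}")
```

Only the DC that handled the daily user's logon satisfies the condition via lastLogon, and lastLogonTimestamp fails on every DC even though the user logged on today, so the outcome depends on which attribute is tested and which domain controller answers the query.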

