Microsoft Active Directory 联合身份验证服务 (ADFS) 以及 Azure Active Directory SAML 断言到 Verify 凭据令牌的映射

ADFS和 Azure 是 SAML Enterprise中最常用的身份源。以下各节介绍了配置的详细信息，例如如何在传入的 SAML 断言与凭据令牌 Verify 之间映射用户的身份和属性。

表 1. 属性名称映射
Verify 标准属性名称	Azure SAML 断言属性名称	ADFS SAML 断言属性名称
`preferred_username`	`subjectNameID`	`subjectNameID`
`given_name`	`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`	`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
`family_name`	`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`	`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
`name`, `displayName`	`http://schemas.microsoft.com/identity/claims/displayname`	不适用
`email`, `emailAddress`	`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`	`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
`groupIds`	`http://schemas.microsoft.com/ws/2008/06/identity/claims/role`	`http://schemas.xmlsoap.org/claims/Group`
`employee_id`	`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid`	`http://schemas.microsoft.com/identity/claims/`
`realmName`	`realmName` `<saml:Issuer>`注意：如果在 SAML 断言中未指定该 `realmName` 属性，则该属性将从.中推导出来。	`realmName` `<saml:Issuer>`注意：如果在 SAML 断言中未指定该 `realmName` 属性，则该属性将从.中推导出来。
`mobile_number`	`mobile_number`	`mobile_number`
`work_number`	`work_number`	`work_number`
`employee_id`	`employee_id` 或者 `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid` 或者 `http://schemas.microsoft.com/identity/claims/employeeid`	`employee_id` 或者 `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid` 或者 `http://schemas.microsoft.com/identity/claims/employeeid`
`department`	`department`	`department`
`job_title`	`job_title`	`job_title`