Step 5: Setup ADFS 2.0 Role Claim

Starmind can use the "Role" claim to assign roles to the user. The easiest way to create such a claim is with the claim rule template "Send Group Membership as a Claim".

Sample SAML Assertion (SAML2.0)

This assertion defines the roles "User" and "Manager" in the Role claim for the user John Doe.

<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
    <saml:AttributeStatement>
        ...
        <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
            <saml:AttributeValue>User</saml:AttributeValue>
            <saml:AttributeValue>Manager</saml:AttributeValue>
        </saml:Attribute>
    </saml:AttributeStatement>
</saml:Assertion>

Send Role as Claim

This rule replaces the original group name "StarmindUser" with "User" (only if the user is a member of that group).
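
To check that the rule emits the mapped role names rather than the raw group name, the following added example (not part of the original documentation or of Starmind's code) parses a captured assertion and separates expected Role values from unexpected ones. The `EXPECTED_ROLES` set and the sample assertion are assumptions constructed for illustration; the script only inspects the attribute values and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# Assumption: the roles named in the sample assertion on this page.
EXPECTED_ROLES = {"User", "Manager"}

# Constructed sample: one mapped role plus an untransformed group name
# ("StarmindUser") to show what a missing or misconfigured rule looks like.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
      <saml:AttributeValue>User</saml:AttributeValue>
      <saml:AttributeValue>StarmindUser</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def role_values(assertion_xml):
    """Return every value of the Role claim, in document order."""
    root = ET.fromstring(assertion_xml)
    values = []
    # Matching on the namespace URI works whether the assertion uses a
    # "saml:" prefix or declares the SAML namespace as the default one.
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        if attr.get("Name") == ROLE_CLAIM:
            for value in attr.findall("{%s}AttributeValue" % SAML_NS):
                values.append((value.text or "").strip())
    return values


def check_roles(assertion_xml, expected=EXPECTED_ROLES):
    """Split the emitted role values into (accepted, unexpected)."""
    values = role_values(assertion_xml)
    accepted = [v for v in values if v in expected]
    unexpected = [v for v in values if v not in expected]
    return accepted, unexpected


if __name__ == "__main__":
    ok, bad = check_roles(SAMPLE)
    print("accepted roles:", ok)
    print("unexpected values (check the claim rule):", bad)
```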