43. Stats Numbers %
Total Number of Applications 36
Applications that may need to be Modified 20 55.56%
Applications that need further Review 6 16.67%
Applications that can be migrated Today 10 27.78%
Percentage of apps that can be migrated 27.78%
44. Application Status Notes of Failure/Warning Claim Rules to Review Attributes Not Synced to AAD by Default Authorization Rules Present Restricted Claim Types
Active Directory Pass
N/A
0 0 0 0
AtHoc Messaging Notification Pass
N/A
0 0 1 0
Black Board Stage SAML Fail
Warning: Custom Issuance Transform Rules
Fail: SAML Request Signing Required
1 0 1 0
Campuslogic Production Fail
Warning: Auto Update Enabled on App
Fail: SAML Token Encryption Enabled
Warning: Monitoring Enabled on App
0 1 1 0
Campuslogic Sandbox Fail
Warning: Auto Update Enabled on App
Fail: SAML Token Encryption Enabled
Warning: Monitoring Enabled on App
0 1 1 0
CRM IFD Relying Party TEST environment Fail
Warning: Auto Update Enabled on App
Fail: SAML Token Encryption Enabled
Warning: Custom Issuance Transform Rules
3 0 1 0
Dub Labs Application - Production - ACC Pass
N/A
0 0 1 0
Dub Labs Application - Production - WCU Pass
N/A
0 0 1 0
Dub Labs Application - Test - WCU Pass
N/A
0 0 1 0
Dub Labs Application -Test - ACC Pass
N/A
0 0 1 0
Dynamics CRM Claims Relying Party PROD Fail
Warning: Auto Update Enabled on App
Fail: SAML Token Encryption Enabled
Warning: Custom Issuance Transform Rules
3 0 1 0
Dynamics CRM IFD Relying Party for DEV Fail
Warning: Auto Update Enabled on App
Fail: SAML Token Encryption Enabled
Warning: Custom Issuance Transform Rules
3 0 1 0
External Dynamics CRM for PROD Fail
Warning: Auto Update Enabled on App
Fail: SAML Token Encryption Enabled
Warning: Custom Issuance Transform Rules
3 0 1 0
EZProxy_ACC Fail
Fail: SAML Token Encryption Enabled
0 0 1 0
Host Analytics Pass
N/A
0 0 1 0
45. RP Name RuleSet Rule IsKnownRuleMigratablePattern KnownRulePatternName
Black Board Stage SAML IssuanceTransform
@RuleTemplate = "LdapClaims"
@RuleName = "Transform Username to NameID"
c:[Type ==
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer
== "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("SamAccountName"), query =
";sAMAccountName;{0}", param = c.Value);
TRUE Extract Attributes from AD
Black Board Stage SAML IssuanceTransform
@RuleTemplate = "MapClaims"
@RuleName = "Transform Email to Name ID"
c:[Type == "SamAccountName"]
=> issue(Type =
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer =
c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType =
c.ValueType,
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] =
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
FALSE N/A
Campuslogic Production ImpersonationAuthorization
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid",
Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]
=> issue(store = "_ProxyCredentialStore", types =
("http://schemas.microsoft.com/authorization/claims/permit"), query =
"isProxySid({0})", param = c.Value);
TRUE ADFS V2 - ProxySid by user
Campuslogic Production ImpersonationAuthorization
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Issuer
=~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"]
=> issue(store = "_ProxyCredentialStore", types =
("http://schemas.microsoft.com/authorization/claims/permit"), query =
"isProxySid({0})", param = c.Value);
TRUE ADFS V2 - ProxySid by group
Campuslogic Production ImpersonationAuthorization
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid",
Issuer =~ "^SELF AUTHORITY$"]
=> issue(store = "_ProxyCredentialStore", types =
("http://schemas.microsoft.com/authorization/claims/permit"), query =
"isProxyTrustProvisioned({0})", param = c.Value);
TRUE ADFS V2 - Proxy Trust check
Campuslogic Production IssuanceAuthorization
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value =
"true");
TRUE Permit All
Campuslogic Production IssuanceTransform
@RuleTemplate = "LdapClaims"
@RuleName = "Campuslogic Production claim rule"
c:[Type ==
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer
== "AD AUTHORITY"]
=> issue(store = "Active Directory", types =
("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
"westcoastuniversity/StudentID",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"westcoastuniversity/FirstName", "westcoastuniversity/LastName"), query =
";employeeNumber,employeeNumber,mail,givenName,sn;{0}", param = c.Value);
TRUE Extract Attributes from AD