From 7cb650415762e0945a9cd37d76679070f05bf051 Mon Sep 17 00:00:00 2001
From: Doug B <732390+dmb2168@users.noreply.github.com>
Date: Thu, 21 Mar 2019 01:03:31 +0100
Subject: [PATCH] added to readme
---
README.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 145893e..a0870af 100644
--- a/README.md
+++ b/README.md
@@ -129,7 +129,11 @@ Helper command that will take the supplied EncryptedPFX blob and DKM key from `-
`python ADFSpoof.py -b EncryptedPfx.bin DkmKey.bin -s sts.doughcorp.com saml2 --endpoint https://my.app.com/access/saml --nameidformat urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress --nameid robin@doughcorp.com --rpidentifier myapp --assertions robin@doughcorp.com`
+### Reading Issuance Authorization Rules
+More coming soon! As a tl;dr for SAML 2.0 each issuance rule (with the exception of the nameid rule) is going to be translated into a SAML assertion. SAML assertions are tags. The Attribute tag must have an attribute called "Name" that value of which is the claim type. The claim value goes inside the tags.
+
+ There is a little more nuance which I hope to discuss in a wiki page soon, but that is the basic idea. Relying Parties may have "StrongAuth" rules and MFA requirements, but usually we don't care about those.
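Review bot: In the added "Reading Issuance Authorization Rules" paragraph, the sentences "SAML assertions are tags" and "The claim value goes inside the tags" never say which tags are meant, so a reader cannot work out how a rule maps onto the assertion. Name the elements explicitly and wrap them in backticks; if they were typed as raw angle-bracket tags, Markdown rendering will drop them from the README. A short sample showing one issuance rule next to the resulting Attribute element with its "Name" value would make the mapping concrete. The heading says "Issuance Authorization Rules" while the text describes issuance rules being turned into claims, so confirm which rule set is meant and make the two agree. Smaller points: "that value of which" should read "the value of which", the second paragraph starts with a stray leading space, and "More coming soon!" is better tracked in an issue than in the README.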