
We created a claim in the Azure interface for SAML, and by default the email address is included in the template when we first create it. Everything was working fine; however, a rookie was messing around and deleted the emailaddress claim, and we can't seem to add it back. It's now missing from the claim payload, where previously it was coming in with the label "emailAddress" (noting that the case is slightly different).

"This claim type is restricted" error

Can anyone explain what might be something obvious I'm missing here?

  • Did you take a look at the following Microsoft article? You could use a different name such as Email or follow the suggestions in the article. learn.microsoft.com/en-us/azure/active-directory/develop/… Sep 5 at 7:07
  • Hi, yeah - I have seen that. I'm confused though - when you first set up the claim, the emailaddress is in the definition, and the email address (mapped from user.mail) does arrive against this name in the payload. Now that it's been accidentally deleted, we can't add it - and whilst we could add a new mapping name, the existing application that's using this is currently looking for the claim name that was there by default. It's weird - or I'm missing something. – Rocksalt Sep 5 at 9:10
  • We have an app that was configured in Azure AD a few years ago with a particular claim. If I create a new app and attempt to specify the exact same claim I get the "claim type is restricted" error. Perhaps there's been an intervening change in the Azure functionality. Sep 6 at 23:09

1 Answer


I ran into the same issue and opened a ticket with Microsoft. It seems they introduced a new bug on just about the same day you posted this.

They are working on reverting/fixing it, but in the meantime the only solution is to use a claims policy: https://learn.microsoft.com/en-us/answers/questions/352327/add-restricted-claim-upn-to-saml

  • do you have a link to the bug ticket by any chance? Sep 11 at 4:56
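The claims-policy workaround the answer points to, shown as an added example (not the answerer's or Microsoft's own script). It assumes the Microsoft.Graph PowerShell module, a placeholder enterprise-app display name, and that the application either has `acceptMappedClaims` set or a custom signing key, which Azure AD requires before it will honour a claims mapping policy.

```powershell
# Added example: restore the standard SAML emailaddress claim through a
# claims mapping policy instead of the portal's claim editor.
# Assumes Microsoft.Graph PowerShell; "Contoso SAML App" is a placeholder.
Connect-MgGraph -Scopes "Policy.ReadWrite.ApplicationConfiguration", "Application.ReadWrite.All"

# Policy definition: keep the basic claim set and map user.mail onto the
# same claim URI the default template used, so the relying app sees no change.
$definition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = "true"
        ClaimsSchema         = @(
            @{
                Source        = "user"
                ID            = "mail"
                SamlClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
            }
        )
    }
} | ConvertTo-Json -Depth 5 -Compress

$policy = New-MgPolicyClaimMappingPolicy -DisplayName "Restore emailaddress claim" `
    -Definition @($definition)

# Locate the enterprise application (service principal) that lost the claim.
$sp = Get-MgServicePrincipal -Filter "displayName eq 'Contoso SAML App'"

# Assign the policy to the service principal by reference.
New-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId $sp.Id `
    -BodyParameter @{ "@odata.id" = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/$($policy.Id)" }

# Verify the assignment before testing a sign-in. If token issuance then fails
# with AADSTS50146, the app still needs acceptMappedClaims or a custom signing key.
Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId $sp.Id |
    Select-Object Id, DisplayName
```

Only one claims mapping policy can be assigned to a service principal at a time, so remove any existing one first if the assignment is rejected.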
