While ago I wrote short entry about adding new claim mapping to existing definition of identity token provider. After this post I got following comment from one of readers (good that I still have some of them here πŸ™‚ ):

When I run the powershell command it fails wit the following error: Add-SPClaimTypeMapping : Incoming claim types do not include claim type ‘http://schemas.microsoft.com/ws/2008/06/identity/claims/role’

I had no time to dig into this issue since then but as it often happens I had to do this on my own – so here is part duex of this tip – what to do if You have new claim definition and You have to add it to SPS 2010 identity provider definition.

(cc) Tiger Pixel

So let assume that we have new claim with type description as follows:

http://schemas.microsoft.com/ws/2010/07/identity/claims
/company

which is being issued by our ADFS 2 server for SPS 2010 application. Earlier we have defined Identity Token issuer in our SPS 2010 configuration (Jorge has gathered together some articles which describe in details how to do this) – in our case called ADFS20Server.

So how to add this new claim definition to identity token issuer in SPS 2010. Here comes a recipe:

Get IdentityTokenIssuer object:

$tokenIssuer = Get-SPTrustedIdentityTokenIssuer -Identity “ADFS20Server”

Add new claim type:

$tokenIssuer.ClaimTypes.Add(”

http://schemas.microsoft.com/ws/2010/07/identity/claims
/company”)

Create new claim mapping:

$companyClaim = New-SPClaimTypeMapping -IncomingCLaimType “http://schemas.microsoft.com/ws/2010/07/identity/claims
/company -IncomingClaimTypeDisplayName “Company” -LocalClaimType

http://schemas.microsoft.com/ws/2010/07/identity/claims
/company

And add it to our token issuer configuration:

$companyClaim | Add-SPClaimTypeMapping -TrustedIdentityTokenIssuer $tokenIssuer

And voile:

PS. Thanks’ goes to Bryan who pointed me in right direction when I was struggling with figuring this one out based on SPS2010 Powershell help :).