AD FS 2.0 & Higher: Truncate strings in claims using RegEx

Scenario:

• There is an incoming claim (or user attribute) that is being sent to a relying party
• When the claim is sent, the value must not exceed a certain character limit
• Data that exceeds this limit must be truncated to accommodate this requirement

 

Example:

• Incoming claim http://contoso.com/claims/streetfull
• Outgoing claim http://contoso.com/claims/street
• Outgoing claim must not exceed 50 characters

 

Transformation Claim:

c:[Type == http://contoso.com/claims/streetfull] => Issue (Type = http://contoso.com/claims/street,    Value = regexreplace (c.Value, "(?<start>^.{1,50}).+$", "${start}"));

 

Explanation:

We look for any incoming http://contoso.com/claims/streetfull claims.  For those we perform an advanced RegExReplace().

Function Format: RegExReplace(string, match syntax, replace syntax)

String: c.Value
The string, is the value of a http://contoso.com/claims/streetful claim

Match Syntax: (?<start>^.{1,50}).+$
The match syntax is broken into two major sections.  The first section, (?<start>^.{1,50}) , looks for the first 50 characters, and labels it as <start>.  The second section, .+$ , matches everything after the first section.  This is important, as we need to match everything in order to make the replacement work as needed.

Replace Syntax: ${start}

The match syntax, ${start} , represents the first 50 characters. 

Effectively, we have isolated the first 50 characters into a variable, matched the entire string, then replaced the entire string with the variable.