
Regex Negative look ahead in ADFS claim rule


I need to grant a claim to everyone not matching a particular LDAP attribute. I want to use a regex with a negative lookahead to perform this "not" clause:

c1:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", Value =~ "^(?!Test User).*$"]
 => issue(Type = "http://goofyclaim", Value = "youre not a tester");

The above rule doesn't seem to get satisfied by my test users. Something wrong with the regex? Or does ADFS 4.0 not support it? I don't see any errors in the ADFS event logs.

This is a win2016srv on a win2012r2 AD domain.

For reference, this rule does work:

c1:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", Value =~ "(?i)^Test User1"]
 => issue(Type = "http://somethignelseentreily", Value = "imispellwhendriving");

Solution

  • (leaving my other answer so others can see it's not the right answer)

    NOT EXISTS([Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", Value =~ "^Test User"])
     => issue(Type = "http://somethignelseentreily", Value = "all");
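As an added illustration, not code from the question or the answer, here is a small Python model of how the per-claim regex rule from the question and the NOT EXISTS rule from the answer evaluate against a user's incoming claim set. It assumes `=~` behaves like an unanchored .NET `Regex.IsMatch` and that an `issue` with no claim variable fires once; the constructed claim sets show where the two rule shapes diverge (missing name claim, multiple name claims, letter case).

```python
import re

# Claim types taken from the rules above; the issued values are the ones the posts use.
NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
GOOFY = "http://goofyclaim"


def regex_rule(claims, pattern=r"^(?!Test User).*$"):
    """Model of  c1:[Type == NAME, Value =~ pattern] => issue(...).
    The condition binds c1 to each matching input claim, so one output claim
    is issued per name claim whose value satisfies the regex (assumption:
    unanchored IsMatch semantics, so '^' and '$' must come from the pattern)."""
    rx = re.compile(pattern)
    return [(GOOFY, "youre not a tester") for t, v in claims if t == NAME and rx.search(v)]


def not_exists_rule(claims, pattern=r"^Test User"):
    """Model of  NOT EXISTS([Type == NAME, Value =~ pattern]) => issue(...).
    Fires exactly once when NO input claim satisfies the condition. Note the
    fail-open edge: a principal with no name claim at all also gets the claim."""
    rx = re.compile(pattern)
    if any(t == NAME and rx.search(v) for t, v in claims):
        return []
    return [(GOOFY, "all")]


def compare(claims):
    """Return both evaluations side by side for a constructed claim set."""
    return {"regex": regex_rule(claims), "not_exists": not_exists_rule(claims)}


if __name__ == "__main__":
    # Constructed sample claim sets (not real directory data).
    samples = {
        "tester": [(NAME, "Test User1")],
        "non-tester": [(NAME, "Alice")],
        "no name claim": [],                       # NOT EXISTS still issues
        "two name claims": [(NAME, "Alice"), (NAME, "Test User2")],
        "lowercase tester": [(NAME, "test user1")],  # needs (?i) to be caught
    }
    for label, claims in samples.items():
        print(f"{label:18} {compare(claims)}")
```

The "no name claim" and "lowercase tester" rows are the cases to check before relying on the NOT EXISTS form: add `(?i)` as the working rule in the question does if the match must be case-insensitive, and make sure a name claim is always present upstream.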