In the ADFS Management Console, select "Relying Party Trusts" on the navigation panel.
Right-click the new relying party trust, e.g. "GoToMeeting".
Select "Edit Claim Issuance Policy...".
Click the "Add Rule..." button.
Select "Send LDAP Attributes as Claims" as the Claim rule template.
Click "Next".
Use the following settings:

| Option | Value |
|---|---|
| Claim rule name | AD Email |
| Attribute store | Active Directory |
| LDAP Attribute | E-mail-Addresses |
| Outgoing Claim Type | E-Mail Address |

Click "Finish".
Click "Add Rule..." again.
Select "Transform an Incoming Claim" as the Claim rule template.
Click "Next".
Use the following settings:

| Option | Value |
|---|---|
| Claim rule name | Name ID |
| Incoming claim type | E-Mail Address |
| Outgoing claim type | Name ID |
| Outgoing name ID Format |

Click "Finish".
Finally, to prevent ADFS from sending encrypted assertions by default, open a Windows PowerShell command prompt and run the following command, replacing relyingPartyTrustDisplayName with the display name of the trust:

```powershell
Set-AdfsRelyingPartyTrust -TargetName "relyingPartyTrustDisplayName" -EncryptClaims $False
```
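
To confirm the result of the steps above, the following script applies the encryption setting and then reads the trust back to check it and the two claim rules. It is an added example, not part of the original instructions; it assumes the trust's display name is "GoToMeeting" and that it runs in an elevated session on the AD FS server.

```powershell
# Added example: apply the EncryptClaims setting and audit the resulting trust.
$trustName = 'GoToMeeting'   # assumption: display name used in the steps above

Import-Module ADFS -ErrorAction Stop

# Capture the state before the change so the audit output shows what was altered.
$before = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $before) { throw "No relying party trust named '$trustName' was found." }

Set-AdfsRelyingPartyTrust -TargetName $trustName -EncryptClaims $false

$trust = Get-AdfsRelyingPartyTrust -Name $trustName

# The rules created in the GUI are stored as one string in claim rule language;
# each rule carries its name as @RuleName = "...".
$expected = 'AD Email', 'Name ID'
$found = @([regex]::Matches($trust.IssuanceTransformRules, '@RuleName\s*=\s*"([^"]+)"') |
    ForEach-Object { $_.Groups[1].Value })
$missing = @($expected | Where-Object { $_ -notin $found })

[pscustomobject]@{
    Name                = $trust.Name
    Identifier          = $trust.Identifier -join ', '
    EncryptClaimsBefore = $before.EncryptClaims
    EncryptClaimsNow    = $trust.EncryptClaims
    RulesFound          = $found -join ', '
    RulesMissing        = $missing -join ', '
} | Format-List

if ($trust.EncryptClaims) {
    Write-Warning "EncryptClaims is still True on '$trustName'."
}
if ($missing.Count -gt 0) {
    Write-Warning "Expected claim rules not found: $($missing -join ', ')"
}

# Print the stored rules so the Name ID rule and its format can be reviewed.
$trust.IssuanceTransformRules
```

With EncryptClaims set to False, the assertion's confidentiality rests on the TLS connection that carries it, so the audit output is worth keeping with the change record.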







