Creating a rule to pass through or filter an incoming claim

Applies To: Unified Access Gateway

Using the Pass Through or Filter an Incoming Claim rule template in Active Directory Federation Services (AD FS) 2.0, you can pass through all incoming claims with a selected claim type. You can also filter the values of incoming claims with a selected claim type. For example, you can use this rule template to create a rule that will send all incoming group claims. You can also use this rule to send only user principal name (UPN) claims that end with @fabrikam.
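The following is an added example, not code from the original guide or from AD FS: a small Python model of how a pass-through rule and a filter rule select incoming claims, using the group and UPN cases above. The `Rule` and `issue` helpers, the sample claims, and the claim rule language lines in the comments are assumptions written for illustration; the model also shows why a suffix filter has to be anchored to the end of the value.

```python
import re
from typing import NamedTuple, Optional

# Claim type URIs used by AD FS for group, UPN and e-mail claims.
GROUP = "http://schemas.xmlsoap.org/claims/Group"
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

class Claim(NamedTuple):
    type: str
    value: str

class Rule(NamedTuple):
    """Model of one Pass Through or Filter rule (hypothetical helper)."""
    claim_type: str
    value_regex: Optional[str] = None  # None: pass through all claim values

    def apply(self, incoming):
        return [c for c in incoming
                if c.type == self.claim_type
                and (self.value_regex is None
                     or re.search(self.value_regex, c.value))]

def issue(rules, incoming):
    """Outgoing claim set: only claims selected by some rule are sent."""
    return [c for rule in rules for c in rule.apply(incoming)]

# Constructed incoming claims (sample data, not from the original page).
INCOMING = [
    Claim(GROUP, "Domain Users"),
    Claim(GROUP, "Finance"),
    Claim(UPN, "alice@fabrikam"),
    Claim(UPN, "alice@fabrikam.example"),
    Claim(EMAIL, "alice@example.org"),
]

# Hand-written claim rule language equivalents (assumed, not template output):
#   c:[Type == "<GROUP>"] => issue(claim = c);
#   c:[Type == "<UPN>", Value =~ "@fabrikam$"] => issue(claim = c);
ALL_GROUPS = Rule(GROUP)                   # pass through all group claims
UPN_SUFFIX = Rule(UPN, r"@fabrikam$")      # only UPNs that end with @fabrikam
UPN_UNANCHORED = Rule(UPN, r"@fabrikam")   # too broad: matches anywhere in value

if __name__ == "__main__":
    for c in issue([ALL_GROUPS, UPN_SUFFIX], INCOMING):
        print(c.type.rsplit("/", 1)[-1], "=", c.value)
```

With the anchored filter only `alice@fabrikam` is issued as a UPN claim, while the unanchored pattern would also pass `alice@fabrikam.example`; the e-mail claim is never sent because no rule names its type.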

To create a rule to pass through an incoming claim, see Create a Rule to Pass Through or Filter an Incoming Claim. For this solution guide, create the rule on the Issuance Transform Rules tab and set it to Pass through all claim values.

Important

When configuring the rule, you must configure the AD FS 2.0 server to send claims that correspond with the claim types defined for the AD FS 2.0 authentication repository on the Forefront UAG server, for Kerberos constrained delegation, and for application authorization. See Configuring an AD FS 2.0 authentication repository, Configuring single sign-on with Kerberos constrained delegation to non-claims-aware applications, and Configuring claims-based application authorization.

For information about claim rules, see The Role of Claim Rules (https://go.microsoft.com/fwlink/?LinkId=200712) and When to Use a Pass Through or Filter Claim Rule (https://go.microsoft.com/fwlink/?LinkId=200713).