The Claim Rule Language

Applies To: Active Directory Federation Services (AD FS) 2.0

Active Directory Federation Services (AD FS) 2.0 claim rules help to create claims to send to a relying party by using the input claims or attributes from the attribute stores. A claim rule is written using the claim rule language or by configuring a rule template, and it defines how to generate, transform, pass through, or filter claims. Only the claims that are specified by a rule are added to the set of output claims. Therefore, the default (before any rules are configured) is to output no claims. In general, each rule takes the following form:

"If a set of conditions is true, issue one or more claims."

Several variations of this basic rule are possible using the claim rule language. The Edit Claim Rules dialog box in the AD FS 2.0 snap-in provides a set of predefined rule templates for common cases. These rule templates contain predefined claim rule language syntax.

For more detailed information about how to use the claim rule language, and for examples, see The Role of the Claim Rule Language (https://go.microsoft.com/fwlink/?LinkId=182448) in the AD FS 2.0 Design Guide.

Note

When you work with the claim rule language, double quotation marks (") are not allowed inside strings. As an alternative, single quotation marks (') are allowed inside string values that are part of claim rules.
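The "if conditions are true, issue claims" form described above, shown as one rule each for pass through, filter, transform, and generate. This is an added example, not code from the AD FS documentation. The relying party name `Contoso App` and the values `Finance` and `FinanceUser` are constructed placeholders, and applying the rules with `Set-ADFSRelyingPartyTrust` is an assumption about how the rule set is deployed.

```powershell
# Added example, not from the AD FS documentation. "Contoso App", "Finance" and
# "FinanceUser" are constructed placeholders; the claim type URIs are standard ones.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Pass through: the incoming UPN claim is copied to the output set unchanged.
$passThrough = @'
@RuleName = "Pass through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@

# Filter: a group claim is passed through only when its value matches.
# Every other group value fails the condition, so it is never issued.
$filter = @'
@RuleName = "Pass through Finance group only"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "Finance"]
 => issue(claim = c);
'@

# Transform: the same condition issues a new claim with a different type and value.
$transform = @'
@RuleName = "Finance group to role"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "Finance"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = "FinanceUser");
'@

# Generate: look up the mail attribute in the attribute store for this account.
$generate = @'
@RuleName = "E-mail from Active Directory"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);
'@

# No rule mentions any other claim type, so nothing else reaches the relying party.
$rules = ($passThrough, $filter, $transform, $generate) -join "`r`n`r`n"
Set-ADFSRelyingPartyTrust -TargetName "Contoso App" -IssuanceTransformRules $rules
```

The rule text inside each here-string, without the `@RuleName` line, can also be entered as a custom rule in the Edit Claim Rules dialog box.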