Delen via


Configuring Claim Rules

 

Applies To: Windows Server 2012

To configure claim rules in your organization, complete each of the tasks in Checklist: Creating Claim Rules for a Claims Provider Trust or Checklist: Creating Claim Rules for a Relying Party Trust, depending on the federation role that your organization will play.

Note

When you use either of these checklists, we recommend that you first read the references to understanding claims issuance and claim rules concepts in the AD FS Design Guide in Windows Server 2012 before you begin the procedures for configuring claim rules. Following the checklist in this way provides a better understanding of the design and deployment process claim rules.

About Claim Rules

In a claims-based identity model, the function of Active Directory Federation Services (AD FS) as a federation service is to issue a token that contains a set of claims. The decision regarding what claims AD FS issues is governed by claim rules. Claim rules (and all server configuration dat) are stored in the AD FS configuration database.

AD FS makes issuance decisions based on identity information that is provided to it in the form of claims and other contextual information. At a high level, AD FSoperates as a rules processor by taking one set of claims as input, performing a number of transformations, and then returning a different set of claims as output.