When to Use a Send LDAP Attributes as Claims Rule

You can use this rule in Active Directory Federation Services (AD FS) when you want to issue outgoing claims that contain actual Lightweight Directory Access Protocol (LDAP) attribute values that exist in an attribute store and then associate a claim type with each of the LDAP attributes. For more information about attribute stores, see The Role of Attribute Stores.

When you use this rule, you issue a claim for each LDAP attribute that you specify and that matches the rule logic, as described in the following table.

Rule option: Mapping of LDAP attributes to outgoing claim types
Rule logic: If attribute store equals specified attribute store and LDAP attribute equals specified value, then map the LDAP attribute value to the specified outgoing claim type and issue the claim.

The following sections provide a basic introduction to claim rules. They also provide details about when to use the Send LDAP Attributes as Claims rule.

About claim rules

A claim rule represents an instance of business logic that will take an incoming claim, apply a condition to it (if x then y) and produce an outgoing claim based on the condition parameters. The following list outlines important tips that you should know about claim rules before you read further in this topic:

- In the AD FS Management snap-in, claim rules can only be created using claim rule templates.
- Claim rules process incoming claims either directly from a claims provider (such as Active Directory or another Federation Service) or from the output of the acceptance transform rules on a claims provider trust.
- Claim rules are processed by the claims issuance engine in chronological order within a given rule set. By setting precedence on rules, you can further refine or filter claims that are generated by previous rules within a given rule set.
- Claim rule templates will always require you to specify an incoming claim type. However, you can process multiple claim values with the same claim type using a single rule.

For more detailed information about claim rules and claim rule sets, see The Role of Claim Rules. For more information about how rules are processed, see The Role of the Claims Engine.
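The following PowerShell is an added example, not code from the original page or from Microsoft's documentation. It shows the claim rule language that the Send LDAP Attributes as Claims template produces for the mapping described in the table above, and then a second rule set that relies on rule precedence: a later rule filters the e-mail claim that an earlier LDAP rule generated. The relying party trust name "Contoso Portal" and the contoso.com mail domain are assumptions; the cmdlets are the standard ADFS module cmdlets and must run on an AD FS server with administrative rights.

```powershell
# Added example (not from the original page). Assumed: a relying party trust named
# "Contoso Portal" already exists, and only contoso.com mailboxes should be issued
# an e-mail claim. Run as an AD FS administrator on a federation server.
Import-Module ADFS

# Rule set 1: exactly what the Send LDAP Attributes as Claims template emits.
# The condition is the incoming claim type every template requires; here it is the
# windowsaccountname claim that the Active Directory claims provider ("AD AUTHORITY")
# issues. Its value is bound to {0} in the query (param = c.Value).
# query = ";mail,userPrincipalName;{0}" reads two LDAP attributes from the
# "Active Directory" attribute store, and "types" names the outgoing claim type for
# each attribute in the same order: mail -> emailaddress, userPrincipalName -> upn.
$templateRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send mail and UPN as claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,userPrincipalName;{0}", param = c.Value);
'@
$templateSet = New-AdfsClaimRuleSet -ClaimRule $templateRule

# Rule set 2: the same LDAP lookup, but written as a custom rule with add(...) instead
# of issue(...). add() places the claims in the pipeline for later rules without
# writing them to the outgoing token, so rules that follow can refine or filter them.
$ldapAddRule = @'
@RuleName = "Look up mail and UPN (not issued yet)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,userPrincipalName;{0}", param = c.Value);
'@

# Runs after the add rule in the same rule set, so it sees the e-mail claim the add
# rule produced and issues it only when the value is in the contoso.com domain.
$filterMailRule = @'
@RuleName = "Issue e-mail claim only for contoso.com"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value =~ "^[^@]+@contoso\.com$"]
 => issue(claim = c);
'@

# The UPN claim from the add rule is passed through unchanged.
$passUpnRule = @'
@RuleName = "Pass through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@

# Order in -ClaimRule is the precedence the claims issuance engine uses.
$filteredSet = New-AdfsClaimRuleSet -ClaimRule @($ldapAddRule, $filterMailRule, $passUpnRule)

# Install the filtering set as the issuance transform rules of the relying party trust.
Set-AdfsRelyingPartyTrust -TargetName "Contoso Portal" -IssuanceTransformRules $filteredSet.ClaimRulesString

# Check: the rules are stored, and run, in the order shown here.
(Get-AdfsRelyingPartyTrust -Name "Contoso Portal").IssuanceTransformRules
```

Two points worth checking after installing such a set. First, ordering is not cosmetic: if the filter rule is moved ahead of the add rule, it runs before any e-mail claim exists and nothing is issued, which is the "chronological order within a given rule set" behaviour described above. Second, the template's own output uses issue(), which writes to the outgoing token immediately; a later rule cannot remove a claim that has already been issued, so filtering only works when the LDAP lookup is written with add() as in the second rule set.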