
Sending Claims Using a Custom Rule

Updated: May 5, 2010

Applies To: Active Directory Federation Services (AD FS) 2.0

Using a custom rule, you can create rules that cannot be created with a standard rule template. Custom rules are written in the Active Directory Federation Services (AD FS) 2.0 claim rule language. Capabilities that require custom rules include the following:

  • Sending claims from a Structured Query Language (SQL) attribute store

    SQL attribute store queries must be typed into a custom rule, and the administrator must specify the claim types that are expected to map to the values that the attribute store returns.

  • Sending claims from a Lightweight Directory Access Protocol (LDAP) attribute store using a custom LDAP filter

  • Sending claims from a custom attribute store using a custom LDAP filter

    A custom LDAP filter makes it possible for the administrator to search against attributes other than the default attribute, sAMAccountName.

  • Sending claims from a custom attribute store

    Custom attribute stores require custom query strings that must be typed into a custom rule.

  • Sending claims only when two or more incoming claims are present

    For example, "If group=administrators and title=Manager, send claim role=Approver".

  • Sending claims only when an incoming claim value matches a complex pattern

    For example, "If the value of a role claim contains the string manager, send group=managers".

  • Sending claims with complex changes to an incoming claim value

    For example, "If user has a group claim, send claim greeting='Member of ' + <group name>".

  • Creating claims for use only in later rules

    Rules that add claims only to the input claim set must be written as custom rules. For more information about the input claim set and output claim set, see Using Claim Rules for Issuing Claims.
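
The three quoted examples above, written out in the claim rule language and loaded through the AD FS 2.0 PowerShell snap-in. This is an added example, not code from the original page; the contoso.example claim type URIs and the relying party trust name 'Example RP' are assumptions.

```powershell
# Added example, not Microsoft's code. Assumed names: the contoso.example claim
# type URIs and the relying party trust name 'Example RP'.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$ns = 'http://contoso.example/claims'   # hypothetical claim type namespace

# Each here-string is one custom rule in the claim rule language.
$rules = @(
# Both incoming claims must be present: group AND title, then send role.
@"
c1:[Type == "$ns/group", Value == "administrators"]
 && c2:[Type == "$ns/title", Value == "Manager"]
 => issue(Type = "$ns/role", Value = "Approver");
"@
# Pattern match with =~ (a regular expression). Unanchored, so any role value
# containing "manager" matches; (?i) makes it case-insensitive (a choice made
# here). Anchor with ^ and $ when only an exact value should qualify.
@"
c:[Type == "$ns/role", Value =~ "(?i)manager"]
 => issue(Type = "$ns/group", Value = "managers");
"@
# Change an incoming value: one greeting claim per group claim.
@"
c:[Type == "$ns/group"]
 => issue(Type = "$ns/greeting", Value = "Member of " + c.Value);
"@
)

$ruleSet = $rules -join "`r`n"
$ruleSet   # review the generated rule text before applying it

# Applying replaces the trust's existing issuance transform rules.
Set-ADFSRelyingPartyTrust -TargetName 'Example RP' -IssuanceTransformRules $ruleSet
```

Replacing `issue` with `add` in any of these rules places the claim only in the input claim set, so later rules can test it without it being sent to the relying party.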
