Exposing Account Store Attributes as Claims

Applies To: Windows Server 2003 R2

Active Directory Federation Services (ADFS) uses claims to provide specific information about users to a Web application. Claims are populated with information (attributes) from the account store that hosts the user account. For example, a claim might carry the user's name, identity, key, group, privilege, or capability. The claims are passed in the security token, which the Web server uses to make authorization decisions about access to the requested application.

An organization group claim, when used with an Active Directory Application Mode (ADAM) store, requires mapping the claim to an ADAM attribute.

An organization custom claim maps the claim to an attribute when used with either an ADAM store or an Active Directory store.
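To make the two mapping rules above concrete, the following added example (not ADFS code or configuration syntax) simulates how a federation server populates identity, group, and custom claims from account store attributes, and how the Web server then decides access from the group claim in the token rather than from the directory. The ADAM user object, attribute names, claim names, and group values are constructed assumptions.

```python
# Constructed ADAM user object, written as an LDAP-style attribute dictionary.
ADAM_USER = {
    "userPrincipalName": "alice@example.com",
    "mail": "alice@example.com",
    "department": "Finance",
    "memberOf": [
        "CN=Auditors,OU=Groups,DC=example,DC=com",
        "CN=Staff,OU=Groups,DC=example,DC=com",
    ],
}

# Identity claim: which attribute supplies the user's identity (assumed: UPN).
IDENTITY_CLAIM = ("UPN", "userPrincipalName")

# Organization group claims used with an ADAM store must be mapped to an ADAM
# attribute: the user receives the group claim only if the attribute holds the
# mapped value. (Claim names and DNs are assumptions for this example.)
GROUP_CLAIMS = {
    "Auditors": ("memberOf", "CN=Auditors,OU=Groups,DC=example,DC=com"),
    "Admins": ("memberOf", "CN=Admins,OU=Groups,DC=example,DC=com"),
}

# Organization custom claims map directly to an attribute; the claim carries its value.
CUSTOM_CLAIMS = {"Department": "department"}


def build_claims(user):
    """Populate the claims that go into the security token from account store attributes."""
    claims = {"identity": {}, "groups": set(), "custom": {}}
    name, attr = IDENTITY_CLAIM
    claims["identity"][name] = user[attr]
    for group, (attr, wanted) in GROUP_CLAIMS.items():
        values = user.get(attr, [])
        if isinstance(values, str):  # single-valued attributes arrive as a bare string
            values = [values]
        if wanted in values:  # a group claim is issued only when the mapped value is present
            claims["groups"].add(group)
    for claim, attr in CUSTOM_CLAIMS.items():
        if attr in user:  # a missing attribute simply yields no custom claim
            claims["custom"][claim] = user[attr]
    return claims


def authorize(claims, required_group):
    """The Web server's decision: it trusts the group claim in the token, never the raw directory."""
    return required_group in claims["groups"]
```

Note that "Admins" is a configured group claim but is not issued here, because the user's memberOf attribute does not contain the mapped value; the authorization check for it therefore fails.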

Task requirements

You must meet the following conditions to perform the procedures for this task:

  • ADFS must be installed so that at least one federation server exists in your forest or realm.

  • The Active Directory Federation Services MMC snap-in must be running on the federation server.

  • Active Directory or Active Directory Application Mode (ADAM) must be available in the ADFS forest or realm.

  • You must have a plan for creating claims and mapping them to the appropriate attributes of a user account in ADAM if you are managing an account Federation Service, or to a set of organization claims if you are managing a resource Federation Service.

To complete this task, perform the following procedures on an as-needed basis:

See Also

Other Resources

Understanding Claims