Optional Configuration

Applies To: Operations Manager 2007

Enable monitoring of authorization rules

Depending on how Active Directory Federation Services (AD FS) 2.0 was deployed in your organization, you may want to monitor how authorization claim rules are working. Microsoft assumes that administrators configured the user authorization claim rules properly before putting AD FS 2.0 into production, and that any denial of access that users experience is a result of the authorization claim rules that were configured.

The following rules are disabled by default in the AD FS 2.0 management pack:

  • On Behalf Of Authorization Error

  • Caller Authorization Error

  • Act As Authorization Error

You can enable these rules by performing the following procedure.

To enable rules

  1. Open the Operations console of Operations Manager.

  2. Click the Authoring tab in the left panel.

  3. Click Management Pack Objects, and then click Rules.

  4. In the list of rules, locate the rule that you want to enable under Type: Token Issuance, right-click the rule, point to Overrides, point to Override the Rule, and then click For all objects of class: Token issuance.