Configure a claims transform module

Applies To: Windows Server 2003 R2

A claims transform module is custom code that manipulates organization, input (incoming), and output (outgoing) claims. Typically, transform modules use the corporate and input claims to produce additional output claims. However, the claim transform module can enumerate, add, delete, and modify claims in any of the claim sets.

Store the claims transform module in %systemdrive%\adfs\sts\bin. This location provides the following advantages:

  • ASP.NET keeps a shadow copy of the dynamic-link library (DLL), which allows the DLL to be replaced without stopping the Federation Service, thereby preventing downtime.

  • File security is inherited from the \adfs\sts directory.

  • The module can be backed up along with all other Active Directory Federation Services (ADFS) files.

After you deploy the transform module to the federation server, perform the following procedure on the account federation server or resource federation server that is configured with the trust policy whose claims transform module you are configuring.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To configure a claims transform module

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, right-click the Trust Policy node, and then click Properties.

  3. On the Transform Module tab, configure the DLL file and class name for the module as follows:

    1. DLL file: Click Browse to navigate to the DLL that implements the claim transform module, and then click Open.

      Note

      This DLL must be a managed-code assembly.

    2. Class name: Type the namespace-qualified name of the class that implements the claim transform interface (IClaimTransform, which is defined in System.Web.Security.SingleSignOn.ClaimTransforms.dll). The namespace-qualified name must be in the format namespace.classname.

  4. Click OK to save the configuration.
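
The following PowerShell check is an added example, not part of the original documentation. It verifies the requirements stated above before you enter the values on the Transform Module tab: the DLL sits in %systemdrive%\adfs\sts\bin, it is a managed-code assembly, the named class implements IClaimTransform, and the file's permissions are inherited rather than set explicitly. It assumes PowerShell 2.0 or later is installed and that System.Web.Security.SingleSignOn.ClaimTransforms.dll can be resolved from the same directory or the GAC; the file name and class name are hypothetical placeholders.

```powershell
# Added example. File name and class name below are hypothetical; use your own.
$ModulePath = Join-Path $env:SystemDrive 'adfs\sts\bin\Contoso.ClaimTransform.dll'
$ClassName  = 'Contoso.Adfs.GroupTransform'   # format: namespace.classname

function Test-ClaimTransformModule {
    param([string]$Path, [string]$TypeName)
    $problems = @()
    if (-not (Test-Path $Path)) { $problems += "File not found: $Path"; return $problems }

    # Location: the page recommends %systemdrive%\adfs\sts\bin.
    $expectedDir = Join-Path $env:SystemDrive 'adfs\sts\bin'
    if ((Split-Path $Path -Parent) -ne $expectedDir) {
        $problems += "Module is not stored in $expectedDir"
    }

    # Managed code: GetAssemblyName throws for a native (unmanaged) DLL.
    try   { [void][System.Reflection.AssemblyName]::GetAssemblyName($Path) }
    catch { $problems += "Not loadable as a managed assembly: $($_.Exception.Message)"
            return $problems }

    # Class name: the type must exist and implement IClaimTransform.
    # Note: LoadFrom loads the DLL into this PowerShell session.
    try {
        $asm  = [System.Reflection.Assembly]::LoadFrom($Path)
        $type = $asm.GetType($TypeName, $false)
        if ($type -eq $null) {
            $problems += "Type '$TypeName' not found in assembly"
        } else {
            $ifaces = @($type.GetInterfaces() | ForEach-Object { $_.Name })
            if ($ifaces -notcontains 'IClaimTransform') {
                $problems += "Type '$TypeName' does not implement IClaimTransform"
            }
        }
    } catch { $problems += "Could not inspect type: $($_.Exception.Message)" }

    # File security: every ACE should be inherited from the \adfs\sts directory.
    $acl = Get-Acl $Path
    if ($acl.AreAccessRulesProtected) { $problems += 'ACL inheritance is disabled on the DLL' }
    $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
    foreach ($ace in $explicit) {
        $problems += "Explicit ACE: $($ace.IdentityReference) $($ace.FileSystemRights)"
    }
    return $problems
}

$result = @(Test-ClaimTransformModule -Path $ModulePath -TypeName $ClassName)
if ($result.Count -eq 0) { 'OK: module meets the documented requirements' }
else { $result | ForEach-Object { "FAIL: $_" } }
```

An explicit ACE that grants write access to a non-administrative account is worth investigating, because anyone who can replace this DLL can change the claims the Federation Service issues.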