Passing Through or Filtering an Incoming Claim

Applies To: Active Directory Federation Services (AD FS) 2.0, Windows Server 2012

Using the Pass Through or Filter an Incoming Claim rule template, you can pass through all claim values for a selected claim type. You can also filter claims based on the claim values so that only certain claim values for a selected claim type will pass through. You can send multiple claim values with the same claim type using this rule.

For example, you can use this rule template to create a rule that will send only user principal name (UPN) claims that end with "@fabrikam.com".

In the acceptance transform rules of a claims provider trust, this rule template is useful for passing through only incoming claims from the claims provider that match certain constraints. No claims are passed through unless a rule specifically passes them through. For example, you might want to accept only e-mail claims from the claims provider; therefore, you would use this rule template to accept e-mail claims whose values end in the claims provider’s Domain Name System (DNS) name.

In the issuance transform rules of a relying party trust, this rule template is useful for passing through or filtering the claims that are sent to the specific relying party. Some relying parties might not understand certain claim types, or certain claims might contain sensitive information that should not be sent to certain relying parties. This rule template can help to enforce those policies for a particular relying party trust.

You can find incoming claims in the input set of the rules. For more information about the input set of the rules, see Using Claim Rules for Issuing Claims.
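The following added example (not part of the original documentation and not AD FS code) models the pass-through and filter behavior described above in Python, using the "@fabrikam.com" UPN case. The function names, the constructed input set, and the choice of a case-insensitive comparison are assumptions made for illustration; the example also contrasts an anchored, escaped suffix test with a loose pattern that lets unintended values through.

```python
import re
from typing import NamedTuple

UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

class Claim(NamedTuple):
    type: str
    value: str

def suffix_filter(suffix):
    """Anchored 'ends with' test. The suffix is escaped so '.' stays literal.
    Case-insensitive matching is an assumption of this example."""
    return re.compile(r".+" + re.escape(suffix) + r"\Z", re.IGNORECASE)

def pass_through_or_filter(input_set, claim_type, value_pattern=None):
    """Return the claims of claim_type whose value matches value_pattern
    (every value if value_pattern is None). All other claim types are
    dropped, because nothing passes unless a rule passes it."""
    out = []
    for claim in input_set:
        if claim.type != claim_type:
            continue
        if value_pattern is None or value_pattern.match(claim.value):
            out.append(claim)
    return out

# Constructed input set: several values of the same claim type plus one other type.
INCOMING = [
    Claim(UPN, "alice@fabrikam.com"),
    Claim(UPN, "Bob@FABRIKAM.COM"),
    Claim(UPN, "carol@contoso.com"),
    Claim(UPN, "dave@fabrikam.com.contoso.com"),  # contains the suffix, does not end with it
    Claim(UPN, "erin@fabrikamXcom"),              # matches only if '.' is left unescaped
    Claim(EMAIL, "alice@fabrikam.com"),           # different claim type
]

def demo():
    """Return (values kept by the anchored filter, values kept by a loose one)."""
    strict = pass_through_or_filter(INCOMING, UPN, suffix_filter("@fabrikam.com"))
    # Weak pattern for comparison: unanchored at the end and with an unescaped '.'.
    loose = pass_through_or_filter(INCOMING, UPN, re.compile(r".+@fabrikam.com"))
    return [c.value for c in strict], [c.value for c in loose]

if __name__ == "__main__":
    for label, values in zip(("anchored", "loose"), demo()):
        print(label, values)
```
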

See Also

Other Resources

When to Use a Pass Through or Filter Claim Rule
Create a Rule to Pass-Through or Filter an Incoming Claim
Determine the Type of Claim Rule Template to Use
The Role of Claim Rules