Review the Role of Claims in the Resource Partner Organization

Applies To: Windows Server 2008

A resource partner receives a token that contains claims, verifies that the token came from a trusted account partner, and makes the claims available to a Web-based application for authorization purposes. The following table describes claim options in the resource partner.

| Claim option | Description |
| --- | --- |
| Incoming claims | Incoming claims are received by the resource partner. They are generated by the account federation server as outgoing claims. The claim names that you configure here are determined by an agreement with your account partner on a common namespace. |
| Incoming claim mappings | Incoming claim mappings map incoming claims to organization claims. |
| Organization claims | The resource federation server transforms, or maps, incoming claims to organization claims. Organization claims are used by the federation server—in this case, the resource federation server. This is the core set of claims that the organization uses for mapping. |

Claim transformation modules

You can use the Active Directory Federation Services (AD FS) user interface (UI) on your federation servers to change the name of a claim during the mapping process; for example, Administrators may become Admins. This way, you can share claims with partners and express claims in a common namespace that does not necessarily match the way that you define your own organization claims.

There may be situations, though, in which simple mapping of claims may not be sufficient for your scenario. In these situations, you can develop a claim transformation module that modifies claim names and values as they pass through the federation server. For example, the claim transformation module might convert a claim containing a monetary value into another currency based on an exchange rate. Or, the module might look into a sales database and determine the discount level for a partner.
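The flow described above (trust check, incoming claim mapping, optional transformation) can be modeled in a few lines. This is an added conceptual example, not AD FS code or the AD FS SDK interface. The partner URI, claim names, exchange rate and all function names are constructed assumptions, the issuer lookup stands in for token signature verification, and dropping unmapped claims is this example's design choice.

```python
from dataclasses import dataclass

# Constructed sample configuration (assumptions, not AD FS defaults).
TRUSTED_ACCOUNT_PARTNERS = {"urn:federation:adatum"}
INCOMING_CLAIM_MAPPINGS = {            # incoming claim name -> organization claim name
    "Administrators": "Admins",
    "PurchaseLimitUSD": "PurchaseLimit",
}
USD_TO_EUR = 0.5                       # constructed exchange rate


@dataclass(frozen=True)
class Token:
    issuer: str                        # account partner that issued the token
    claims: dict                       # incoming claim name -> value


def convert_currency(org_claims):
    """Hypothetical transformation module: changes a claim value, not only its name."""
    out = dict(org_claims)
    if "PurchaseLimit" in out:
        out["PurchaseLimit"] = round(float(out["PurchaseLimit"]) * USD_TO_EUR, 2)
    return out


def process_token(token, transform=None):
    """Return the organization claims that the Web application would receive."""
    # 1. Accept tokens only from a trusted account partner.
    if token.issuer not in TRUSTED_ACCOUNT_PARTNERS:
        raise PermissionError(f"untrusted issuer: {token.issuer}")
    # 2. Map incoming claims to organization claims. A claim with no mapping
    #    is dropped, so a partner cannot introduce claims the resource side
    #    never agreed to consume.
    org_claims = {INCOMING_CLAIM_MAPPINGS[name]: value
                  for name, value in token.claims.items()
                  if name in INCOMING_CLAIM_MAPPINGS}
    # 3. Optionally run a transformation module over the mapped claims.
    return transform(org_claims) if transform else org_claims


# Constructed sample tokens.
SAMPLE = Token("urn:federation:adatum",
               {"Administrators": True, "PurchaseLimitUSD": "1000", "DomainAdmins": True})
UNTRUSTED = Token("urn:federation:unknown", {"Administrators": True})

if __name__ == "__main__":
    print(process_token(SAMPLE))                    # name mapping only
    print(process_token(SAMPLE, convert_currency))  # mapping plus transformation
```

The unmapped `DomainAdmins` claim never reaches the application, and the token from the unlisted issuer is rejected before any mapping runs.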

If you determine that building a claim transformation module is necessary for your scenario, see the AD FS software development kit (SDK) on the MSDN Web site for additional information about how the claim transformation module functions. For more information, see Active Directory Federation Services (