Create a Rule to Send Claims Using a Custom Rule

By using the Send Claims Using a Custom Rule template in Active Directory Federation Services (AD FS), you can create custom claim rules for situations in which a standard rule template does not satisfy the requirements of your organization. Custom claim rules are written in the claim rule language and must then be copied into the Custom rule text box before they can be used in a rule set. For information about constructing the syntax for an advanced rule, see The Role of the Claim Rule Language.

You can use the following procedure to create a claim rule by using the AD FS Management snap-in.

Membership in Administrators, or equivalent, on the local computer is the minimum requirement to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To create a rule to pass through or filter an incoming claim on a Relying Party Trust in Windows Server 2016

  1. In Server Manager, click Tools, and then select AD FS Management.

  2. In the console tree, under AD FS, click Relying Party Trusts.

  3. Right-click the selected trust, and then click Edit Claim Issuance Policy.

  4. In the Edit Claim Issuance Policy dialog box, under Issuance Transform Rules, click Add Rule to start the rule wizard.

  5. On the Select Rule Template page, under Claim rule template, select Send Claims Using a Custom Rule from the list, and then click Next.

  6. On the Configure Rule page, under Claim rule name, type the display name for this rule. Under Custom rule, type or paste the claim rule language syntax that you want for this rule.

  7. Click Finish.

  8. In the Edit Claim Rules dialog box, click OK to save the rule.

To create a rule to pass through or filter an incoming claim on a Claims Provider Trust in Windows Server 2016

  1. In Server Manager, click Tools, and then select AD FS Management.

  2. In the console tree, under AD FS, click Claims Provider Trusts.

  3. Right-click the selected trust, and then click Edit Claim Rules.

  4. In the Edit Claim Rules dialog box, under Acceptance Transform Rules, click Add Rule to start the rule wizard.

  5. On the Select Rule Template page, under Claim rule template, select Send Claims Using a Custom Rule from the list, and then click Next.

  6. On the Configure Rule page, under Claim rule name, type the display name for this rule. Under Custom rule, type or paste the claim rule language syntax that you want for this rule.

  7. Click Finish.

  8. In the Edit Claim Rules dialog box, click OK to save the rule.

To create a rule to send claims by using a custom claim in Windows Server 2012 R2

  1. In Server Manager, click Tools, and then click AD FS Management.

  2. In the console tree, under AD FS\Trust Relationships, click either Claims Provider Trusts or Relying Party Trusts, and then click a specific trust in the list where you want to create this rule.

  3. Right-click the selected trust, and then click Edit Claim Rules.

  4. In the Edit Claim Rules dialog box, select one of the following tabs, depending on the trust that you are editing and the rule set in which you want to create this rule, and then click Add Rule to start the rule wizard that is associated with that rule set:

    • Acceptance Transform Rules

    • Issuance Transform Rules

    • Issuance Authorization Rules

    • Delegation Authorization Rules

  5. On the Select Rule Template page, under Claim rule template, select Send Claims Using a Custom Rule from the list, and then click Next.

  6. On the Configure Rule page, under Claim rule name, type the display name for this rule. Under Custom rule, type or paste the claim rule language syntax that you want for this rule.

  7. Click Finish.

  8. In the Edit Claim Rules dialog box, click OK to save the rule.
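
The relying party procedure above can also be scripted with the AD FS PowerShell module; the following is an added example, not part of the original page. The trust name, rule name and the sample rule (issuing the AD mail attribute as an e-mail address claim) are assumptions chosen for illustration.

```powershell
# Added example: scripted equivalent of the wizard steps for a relying party trust.
# Assumptions: run elevated on an AD FS server; names below are placeholders.
Import-Module ADFS

$trustName = 'Example RP Trust'        # placeholder trust display name
$ruleName  = 'Issue e-mail from AD'    # placeholder claim rule name

# Custom rule in the claim rule language: look up the mail attribute of the
# authenticated Windows account and issue it as an e-mail address claim.
$customRule = @"
@RuleName = "$ruleName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}", param = c.Value);
"@

$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) { throw "Relying party trust '$trustName' not found." }
$existing = [string]$trust.IssuanceTransformRules   # empty string if no rules yet

# Save the current rule set so the change can be reviewed or rolled back.
$stamp  = Get-Date -Format 'yyyyMMddHHmmss'
$backup = Join-Path $env:TEMP "issuance-rules-$stamp.txt"
$existing | Set-Content -Path $backup -Encoding UTF8

# -IssuanceTransformRules replaces the whole rule set, so append to what is there
# instead of passing only the new rule.
if ($existing -match [regex]::Escape("@RuleName = `"$ruleName`"")) {
    Write-Warning "A rule named '$ruleName' already exists; nothing changed."
} else {
    $newRules = ($existing.TrimEnd() + "`r`n`r`n" + $customRule).Trim()
    Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceTransformRules $newRules
}

# Read the rule set back to confirm what AD FS stored.
(Get-AdfsRelyingPartyTrust -Name $trustName).IssuanceTransformRules
```

For a claims provider trust, the corresponding cmdlets are Get-AdfsClaimsProviderTrust and Set-AdfsClaimsProviderTrust with the -AcceptanceTransformRules parameter.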

Additional references

Configure Claim Rules

Checklist: Creating Claim Rules for a Relying Party Trust

Checklist: Creating Claim Rules for a Claims Provider Trust

When to Use an Authorization Claim Rule

The Role of Claims

The Role of Claim Rules