建立轉換傳入理賠要求規則Create a Rule to Transform an Incoming Claim

適用於:Windows Server 2016、Windows Server 2012 R2Applies To: Windows Server 2016, Windows Server 2012 R2

使用轉換取得連入規則範本 Active Directory 同盟服務 (AD FS),在選取傳入理賠要求、變更其宣告類型,並變更其理賠要求值。By using the Transform an Incoming Claim rule template in Active Directory Federation Services (AD FS), you can select an incoming claim, change its claim type, and change its claim value. 例如,您可以使用此規則範本建立會傳送具有相同的理賠要求值,連入的群組宣告的角色理賠要求規則。For example, you can use this rule template to create a rule that sends a role claim with the same claim value of an incoming group claim. 您也可以使用此規則傳送群組宣告項採購宣告值的值為系統管理員,連入的群組宣告或您可以傳送只使用者主體名稱 (UPN) 宣告使用該結束時@fabrikam。You can also use this rule to send a group claim with a claim value of Purchasers when there is an incoming group claim with a value of Admins, or you can send only user principal name (UPN) claims that end with @fabrikam.

您可以使用下列程序,以建立 AD FS 管理 snap\ 中理賠要求規則。You can use the following procedure to create a claim rule with the AD FS Management snap-in.

資格在系統管理員,或相當於、在本機電腦上已完成此程序的最低需求。Membership in Administrators, or equivalent, on the local computer is the minimum requirement to complete this procedure. 檢視詳細資料使用適當的帳號,並群組成員資格,本機和網域預設群組Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

若要建立轉換可以方信任 Windows Server 2016 上的連入理賠要求規則To create a rule to transform an incoming claim on a Relying Party Trust in Windows Server 2016

  1. 在伺服器管理員中,按一下工具,然後選取 [ AD FS 管理In Server Manager, click Tools, and then select AD FS Management.

  2. 主控台中在AD FS,按一下 [做為基礎的派對信任In the console tree, under AD FS, click Relying Party Trusts. 建立規則

  3. Right\ 按一下信任選取,然後再按一下編輯宣告發行原則Right-click the selected trust, and then click Edit Claim Issuance Policy. 建立規則

  4. 編輯宣告發行原則對話方塊中,在發行轉換規則新增規則以開始規則精靈。In the Edit Claim Issuance Policy dialog box, under Issuance Transform Rules click Add Rule to start the rule wizard. 建立規則

  5. 選取 [規則範本頁面上,在理賠要求規則範本,選取轉換連入宣告從清單中,然後按一下下一步On the Select Rule Template page, under Claim rule template, select Transform an Incoming Claim from the list, and then click Next.
    建立規則

  6. 設定規則頁面上,在理賠要求規則名稱,輸入顯示名稱本規則。On the Configure Rule page, under Claim rule name, type the display name for this rule. 傳入宣告類型,請選取清單鍵入理賠要求。In Incoming claim type, select a claim type in the list. 傳出宣告類型,選取 [宣告類型清單中,選取其中一項下列選項,您的組織需求而定:In Outgoing claim type, select a claim type in the list, and then select one of the following options, which depends on the requirements of your organization:

    • 通過所有宣告值Pass through all claim values

    • 使用不同的傳出宣告值取代傳入宣告值Replace an incoming claim value with a different outgoing claim value

    • 使用新的電子郵件 e\ 尾碼取代連入 e\ 郵件尾碼宣告Replace incoming e-mail suffix claims with a new e-mail suffix
      建立規則

  7. 按一下完成按鈕。Click the Finish button.

  8. 編輯理賠要求規則對話方塊中,按[確定]來儲存規則。In the Edit Claim Rules dialog box, click OK to save the rule.

注意

如果您的設定,請使用 AD FS\ 發行宣告動態存取控制案例,第一次建立轉換規則信任宣告提供者,以及傳入宣告類型,輸入名稱,連入宣告,或如果您之前已建立宣告描述,從清單中選取它。If you are setting up the Dynamic Access Control scenario that uses AD FS-issued claims, first create a transform rule on the claims provider trust, and in Incoming claim type, type the name for the incoming claim, or, if a claim description was previously created, select it from the list. 第二個,在傳出宣告類型、選取您想要宣告 URL,然後建立轉換規則信賴廠商信任發行裝置理賠要求。Second, in Outgoing claim type, select the claim URL that you want, and then create a transform rule on the relying party trust to issue the device claim.

如需動態存取控制案例中,請查看動態存取控制內容藍圖使用 AD DS 宣告 AD FS 使用For more information about Dynamic Access Control scenarios, see Dynamic Access Control Content Roadmap or Using AD DS Claims with AD FS.

若要建立轉換在 Windows Server 2016 宣告提供者信任傳入理賠要求規則To create a rule to transform an incoming claim on a Claims Provider Trust in Windows Server 2016

  1. 在伺服器管理員中,按一下工具,然後選取 [ AD FS 管理In Server Manager, click Tools, and then select AD FS Management.

  2. 在主控台在AD FS,按一下 [宣告提供者信任In the console tree, under AD FS, click Claims Provider Trusts. 建立規則

  3. Right\ 按一下信任選取,然後再按一下編輯理賠要求規則Right-click the selected trust, and then click Edit Claim Rules. 建立規則

  4. 編輯理賠要求規則對話方塊中,在接受轉換規則[新增規則開始規則精靈。In the Edit Claim Rules dialog box, under Acceptance Transform Rules click Add Rule to start the rule wizard. 建立規則

  5. 選取 [規則範本頁面上,在理賠要求規則範本,選取轉換連入宣告從清單中,然後按一下下一步On the Select Rule Template page, under Claim rule template, select Transform an Incoming Claim from the list, and then click Next.
    建立規則

  6. 設定規則頁面上,在理賠要求規則名稱,輸入顯示名稱本規則。On the Configure Rule page, under Claim rule name, type the display name for this rule. 傳入宣告類型,請選取清單鍵入理賠要求。In Incoming claim type, select a claim type in the list. 傳出宣告類型,選取 [宣告類型清單中,選取其中一項下列選項,您的組織需求而定:In Outgoing claim type, select a claim type in the list, and then select one of the following options, which depends on the requirements of your organization:

    • 通過所有宣告值Pass through all claim values

    • 使用不同的傳出宣告值取代傳入宣告值Replace an incoming claim value with a different outgoing claim value

    • 使用新的電子郵件 e\ 尾碼取代連入 e\ 郵件尾碼宣告Replace incoming e-mail suffix claims with a new e-mail suffix
      建立規則

  7. 按一下完成按鈕。Click the Finish button.

  8. 編輯理賠要求規則對話方塊中,按[確定]來儲存規則。In the Edit Claim Rules dialog box, click OK to save the rule.

注意

如果您的設定,請使用 AD FS\ 發行宣告動態存取控制案例,第一次建立轉換規則信任宣告提供者,以及傳入宣告類型,輸入名稱,連入宣告,或如果您之前已建立宣告描述,從清單中選取它。If you are setting up the Dynamic Access Control scenario that uses AD FS-issued claims, first create a transform rule on the claims provider trust, and in Incoming claim type, type the name for the incoming claim, or, if a claim description was previously created, select it from the list. 第二個,在傳出宣告類型、選取您想要宣告 URL,然後建立轉換規則信賴廠商信任發行裝置理賠要求。Second, in Outgoing claim type, select the claim URL that you want, and then create a transform rule on the relying party trust to issue the device claim.

如需動態存取控制案例中,請查看動態存取控制內容藍圖使用 AD DS 宣告 AD FS 使用For more information about Dynamic Access Control scenarios, see Dynamic Access Control Content Roadmap or Using AD DS Claims with AD FS.

若要建立轉換在 Windows Server 2012 R2 傳入理賠要求規則To create a rule to transform an incoming claim in Windows Server 2012 R2

  1. 在伺服器管理員中,按一下工具,然後按AD FS 管理In Server Manager, click Tools, and then click AD FS Management.

  2. 主控台中在AD FS\Trust 關係,按一下宣告提供者信任可以廠商信任,,然後按一下 [特定信任在清單中您想要用來建立本規則。In the console tree, under AD FS\Trust Relationships, click either Claims Provider Trusts or Relying Party Trusts, and then click a specific trust in the list where you want to create this rule.

  3. Right\ 按一下信任選取,然後再按一下編輯理賠要求規則Right-click the selected trust, and then click Edit Claim Rules.
    建立規則

  4. 編輯理賠要求規則對話方塊中,選取其中一種下列索引標籤,而定信任您正在編輯,並在哪一個規則設定您想要建立本規則,然後按一下 [ [新增規則以開始規則該組相關聯的規則精靈:In the Edit Claim Rules dialog box, select one the following tabs, which depends on the trust that you are editing and in which rule set you want to create this rule, and then click Add Rule to start the rule wizard that is associated with that rule set:

    • 接受轉換規則Acceptance Transform Rules

    • 發行轉換規則Issuance Transform Rules

    • 發行授權規則Issuance Authorization Rules

    • 委派授權規則Delegation Authorization Rules
      建立規則

  5. 選取 [規則範本頁面上,在理賠要求規則範本,選取轉換連入宣告從清單中,然後按一下下一步On the Select Rule Template page, under Claim rule template, select Transform an Incoming Claim from the list, and then click Next.
    建立規則

  6. 設定規則頁面上,在理賠要求規則名稱,輸入顯示名稱本規則。On the Configure Rule page, under Claim rule name, type the display name for this rule. 傳入宣告類型,請選取清單鍵入理賠要求。In Incoming claim type, select a claim type in the list. 傳出宣告類型,選取 [宣告類型清單中,選取其中一項下列選項,您的組織需求而定:In Outgoing claim type, select a claim type in the list, and then select one of the following options, which depends on the requirements of your organization:

    • 通過所有宣告值Pass through all claim values

    • 使用不同的傳出宣告值取代傳入宣告值Replace an incoming claim value with a different outgoing claim value

    • 使用新的電子郵件 e\ 尾碼取代連入 e\ 郵件尾碼宣告Replace incoming e-mail suffix claims with a new e-mail suffix
      建立規則

注意

如果您的設定,請使用 AD FS\ 發行宣告動態存取控制案例,第一次建立轉換規則信任宣告提供者,以及傳入宣告類型,輸入名稱,連入宣告,或如果您之前已建立宣告描述,從清單中選取它。If you are setting up the Dynamic Access Control scenario that uses AD FS-issued claims, first create a transform rule on the claims provider trust, and in Incoming claim type, type the name for the incoming claim, or, if a claim description was previously created, select it from the list. 第二個,在傳出宣告類型、選取您想要宣告 URL,然後建立轉換規則信賴廠商信任發行裝置理賠要求。Second, in Outgoing claim type, select the claim URL that you want, and then create a transform rule on the relying party trust to issue the device claim.

如需動態存取控制案例中,請查看動態存取控制內容藍圖使用 AD DS 宣告 AD FS 使用For more information about Dynamic Access Control scenarios, see Dynamic Access Control Content Roadmap or Using AD DS Claims with AD FS.

  1. 按一下完成Click Finish.

  2. 編輯理賠要求規則對話方塊中,按[確定]來儲存規則。In the Edit Claim Rules dialog box, click OK to save the rule.

其他參考資料Additional references

設定理賠要求規則Configure Claim Rules

檢查清單︰ 建立信賴的派對信任理賠要求規則Checklist: Creating Claim Rules for a Relying Party Trust

檢查清單︰ 建立理賠要求規則宣告提供者信任Checklist: Creating Claim Rules for a Claims Provider Trust

使用授權理賠要求規則When to Use an Authorization Claim Rule

宣告的角色The Role of Claims

宣告規則的角色The Role of Claim Rules