Which rule types should you configure on each side of the federated trust?

DRAG DROP

Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2.

A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with access to contoso.com resources.

You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust.

The solution must meet the following requirements:

• In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.

• In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group membership as the claim type.

The AD FS claim rules must use predefined templates.

Which rule types should you configure on each side of the federated trust? To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation:

* Acceptance transform rule set

A set of claim rules that you use on a particular claims provider trust to specify the incoming claims that will be accepted from the claims provider organization and the outgoing claims that will be sent to the relying party trust.

Used on: Claims provider trusts

* Issuance Authorization Rule Set

A set of claim rules that you use on a relying party trust to specify the claims that will be issued to the relying party.

Used on: Relying party trusts

Reference: The Role of Claim Rules

http://technet.microsoft.com/zh-cn/library/ee913586(v=WS.10).aspx

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments