
CustomTransform Class

The transform to use for the CustomModule. Provides a reference to a user-provided extensibility class that implements the IClaimTransform interface.


Namespace: System.Web.Security.SingleSignOn
Assembly: System.Web.Security.SingleSignOn (in system.web.security.singlesignon.dll)

The WebSSO Pluggable Claim Transform Module extends how claim transformations are handled by the Federation Server. It allows you to write code that implements your own claim transformations. The Federation Server administration snap-in supports adding the claim transformation module to, and deleting it from, the Federation Server trust policy. There is one custom claim transformation module registered per Federation Server.

The following tables indicate when in the claim transformation process the pluggable claim transformation module is called in relation to the built-in claim transformations. The built-in claim transformations are the claim transformations defined in the trust policy. The top row of each table is the first transformation step and the bottom row is the final transformation step. Note that at the final transformation step the outgoing claims are what will be sent in the token returned to the client. In each step some, but not all, of the claim collections may change. A change is indicated in the table by the version number of the claims in each step. Claims are shown as "-" in a row when they have no effect on further transformation steps. The claim transformation module is called twice in each scenario, which allows a pre-processing stage and a post-processing stage.

The table below describes the order of the claim transformation steps when a token is requested from the FS-A to get a token for an FS-R, the resource side of a federation. The same table applies whether credentials are authenticated by an account store or a cookie is used to authenticate.

| Claim Transformation Step | Incoming claims | Corporate claims | Outgoing claims |
|---|---|---|---|
| Account Store | - | 1 | - |
| Custom Claim Transformation Module | - | 2 | 1 |
| Built-in claim transformations | - | 2 | 2 |
| Custom Claim Transformation Module | - | - | 3 |

The table below describes the order of the claim transformation steps when a token is being requested from the FS-R and getting a token for a resource Web Server, the account side of a federation.

| Claim Transformation Step | Incoming claims | Corporate claims | Outgoing claims |
|---|---|---|---|
| Incoming from FS-A | 1 | - | - |
| Custom Claim Transformation Module | 2 | 1 | 1 |
| Built-in claim transformations to corporate claims | 2 | 2 | 1 |
| Built-in claim filtering for the application | - | 2 | 2 |
| Custom Claim Transformation Module | - | - | 3 |
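
The step order for a token requested from the FS-R with incoming claims from the FS-A, traced as a simplified model. This is an added example, not Microsoft's code and not the ADFS API: every function name, claim name and policy value is constructed, and the model does not cover corporate or outgoing claims written during pre-processing. It shows that a claim added in the pre-processing call still passes through the built-in rules, while a claim added in the post-processing call goes into the token unchanged.

```python
# Simplified model of the FS-R step order. Every name below is a stand-in
# for illustration; none is a real ADFS type, member or signature.
PRE, POST = "pre-processing", "post-processing"

def builtin_to_corporate(incoming, mapping):
    """Built-in step: map incoming claims to corporate claims via trust policy."""
    return {mapping[n]: v for n, v in incoming.items() if n in mapping}

def builtin_filter(corporate, allowed):
    """Built-in step: keep only the claims enabled for the application."""
    return {n: v for n, v in corporate.items() if n in allowed}

def sample_module(incoming, corporate, outgoing, stage):
    """Constructed custom module: one edit in each of its two calls."""
    if stage == PRE:
        # Added before the built-in rules, so the rules still apply to it.
        incoming = {**incoming, "PartnerTier": "gold"}
    elif stage == POST:
        # Added after the built-in rules, so nothing filters it afterwards.
        outgoing = {**outgoing, "AuditTag": "fsr-01"}
    return incoming, corporate, outgoing

def run_fsr(incoming, module, mapping, allowed):
    """Run the five steps in table order and return (token_claims, trace)."""
    corporate, outgoing, trace = {}, {}, []

    def record(step):
        trace.append((step, sorted(incoming), sorted(corporate), sorted(outgoing)))

    record("Incoming from FS-A")
    incoming, corporate, outgoing = module(incoming, corporate, outgoing, PRE)
    record("Custom module (pre-processing)")
    corporate = builtin_to_corporate(incoming, mapping)
    record("Built-in transformations to corporate claims")
    outgoing = builtin_filter(corporate, allowed)
    record("Built-in claim filtering for the application")
    incoming, corporate, outgoing = module(incoming, corporate, outgoing, POST)
    record("Custom module (post-processing)")
    return outgoing, trace

if __name__ == "__main__":
    # Constructed sample input and policy.
    token, trace = run_fsr(
        {"Email": "user@partner.example", "Title": "Engineer"},
        sample_module,
        mapping={"Email": "Email", "Title": "Role"},
        allowed={"Email", "Role"},
    )
    for row in trace:
        print(row)
    print("token claims:", token)
```
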

The table below describes the order of the claim transformation steps when a token is being requested from the FS-R with a cookie and getting a token for a resource Web Server, the account side of a federation. The difference between this table and the previous one is that here there are no initial incoming claims, and the only built-in transform is the one from corporate claims to outgoing application claims.

| Claim Transformation Step | Incoming claims | Corporate claims | Outgoing claims |
|---|---|---|---|
| Incoming from cookie | - | 1 | - |
| Custom Claim Transformation Module | - | 2 | 1 |
| Built-in claim filtering for the application | - | 2 | 2 |
| Custom Claim Transformation Module | - | - | 3 |

The table below describes the order of the claim transformation steps when a token is being requested from the Federation Server when it is acting as both the FS-A and the FS-R, in other words the client's Federation Server when the resource application directly trusts the Federating Service. The same table applies whether credentials are authenticated by an account store or a cookie is used to authenticate.

| Claim Transformation Step | Incoming claims | Corporate claims | Outgoing claims |
|---|---|---|---|
| Account Store | - | 1 | - |
| Custom Claim Transformation Module | - | 2 | 1 |
| Built-in claim filtering for the application | - | 2 | 2 |
| Custom Claim Transformation Module | - | - | 3 |

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Development Platforms

Target Platforms

Windows Server 2008, Windows Server 2003, Windows Vista, Windows Server 2003 R2, Windows XP