GroupClaim Class


A group claim for the trusting or trusted realm.

Namespace:   System.Web.Security.SingleSignOn
Assembly:  System.Web.Security.SingleSignOn (in System.Web.Security.SingleSignOn.dll)

public class GroupClaim : TrustPolicyEntryBase


Initializes a new instance of the GroupClaim class.


Initializes a new instance of the GroupClaim class with the specified name.


Gets or sets whether the trust with this realm is currently active. If this is set, no tokens will be accepted from this partner. (Inherited from TrustPolicyEntryBase.)


Gets or sets the name for the group that this GroupClaim represents.


Gets or sets a Boolean to indicate if the contents of this GroupClaim can be audited or not.


Gets or sets the universal unique identifier (UUID) for this TrustPolicyEntryBase object. (Inherited from TrustPolicyEntryBase.)


Determines whether the specified GroupClaim is equal to the current GroupClaim. (Overrides Object.Equals(Object).)


(Inherited from Object.)


Gets the hash code for this instance. (Overrides Object.GetHashCode().)


(Inherited from Object.)


(Inherited from Object.)


Returns a string that represents the current GroupClaim object. (Overrides Object.ToString().)

A claim set defines the claim language that can be used within a corporation or between two agreeing corporations. When used between two corporations it represents a business level agreement to exchange the defined authorization data.

The following are the supported claim producers and consumers for group claims:

  • Active Directory Account Store. Windows users and groups may be directly assigned to the Organization group claims using the object picker.

  • ADAM Account Store. When the ADAM account store is configured, the Federation Service administrator can specify the LDAP user attribute containing the user's LDAP Groups, or any other attribute that could function as a group (such as Title, if groups are based on job role), and then assign each possible LDAP Group to an Organization Group.

  • Account Partner. When the account partner is configured, the Federation Service administrator can specify a set of incoming group claims that may be accepted from the partner and associate each possible incoming group with an Organization group claim (note that this creates a group transform). If an incoming group is encountered that has no transform, it will be discarded.

  • Resource Partner. When the resource partner is configured, the Federation Service administrator can specify a set of outgoing group claims that will be accepted by the resource partner and associate each possible outgoing group to Organization groups (note that this creates a set of group transforms). Organization groups that match no outgoing group will be discarded.

  • Claims-Aware Application. When the application is configured, the Federation Service administrator will specify the Organization group claims that will be sent to the application. Organization groups that are not designated to be sent to the application will be discarded.
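
The discard rules in the list above, modeled end to end as an added example (not code from this reference page or from the SingleSignOn assembly). Every type, method and group name is hypothetical, the sample data is constructed, and exact string matching of group names is an assumption of the model.

```csharp
using System;
using System.Collections.Generic;

// Self-contained model of the group claim flow described above. It does not call
// System.Web.Security.SingleSignOn; every type, method and group name is hypothetical.
static class GroupClaimFlowModel
{
    // Apply a transform table; a group with no entry is discarded (default deny).
    static List<string> Transform(IEnumerable<string> groups,
                                  IDictionary<string, string> table, string stage)
    {
        var kept = new List<string>();
        foreach (string g in groups)
        {
            string mapped;
            if (!table.TryGetValue(g, out mapped))
                Console.WriteLine("  [" + stage + "] discarded: " + g);
            else if (!kept.Contains(mapped))
                kept.Add(mapped);
        }
        return kept;
    }

    static void Main()
    {
        // Constructed sample data. Account side: Organization group -> outgoing group.
        var outgoing = new Dictionary<string, string> {
            { "Purchasing Staff", "Purchasers" }, { "IT Staff", "Administrators" } };
        // Resource side: incoming group -> Organization group. "Administrators" is
        // deliberately left without a transform, so it is dropped on arrival.
        var incoming = new Dictionary<string, string> { { "Purchasers", "Partner Buyers" } };
        // Organization groups designated to be sent to the application.
        var appGroups = new Dictionary<string, string> { { "Partner Buyers", "Partner Buyers" } };

        var user = new[] { "Purchasing Staff", "IT Staff", "Payroll" };
        Console.WriteLine("Account Federation Service:");
        var sent = Transform(user, outgoing, "resource partner");
        Console.WriteLine("Resource Federation Service:");
        var org = Transform(sent, incoming, "account partner");
        var app = Transform(org, appGroups, "application");
        Console.WriteLine("Application receives: " + string.Join(", ", app.ToArray()));
    }
}
```

In this model the application receives only "Partner Buyers": "Payroll" is dropped at the account side because it matches no outgoing group, and "Administrators" is dropped at the resource side because it has no incoming transform.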

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
