Which rule types should you configure on each side of the federated trust?

DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. All
domain controllers run Windows Server 2012 R2.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com
users with access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated
trust.
The solution must meet the following requirements:
In contoso.com, replace an incoming claim type named Group with an outgoing claim type named
Role.
In adatum.com, allow users to receive their tokens for the relying party by using their Active
Directory group membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may
be used once, more than once, or not at all. You may need to drag the split bar between panes or
scroll to view content.

DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. All
domain controllers run Windows Server 2012 R2.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com
users with access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated
trust.
The solution must meet the following requirements:
In contoso.com, replace an incoming claim type named Group with an outgoing claim type named
Role.
In adatum.com, allow users to receive their tokens for the relying party by using their Active
Directory group membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may
be used once, more than once, or not at all. You may need to drag the split bar between panes or
scroll to view content.

Answer:

Explanation:
* Acceptance transform rule set
A set of claim rules that you use on a particular claims provider trust to specify the incoming claims
that will be accepted from the claims provider organization and the outgoing claims that will be sent
to the relying party trust.
Used on: Claims provider trusts
* Issuance Authorization Rule Set
A set of claim rules that you use on a relying party trust to specify the claims that will be issued to
the relying party.
Used on: Relying party trusts

The Role of Claim Rules
http://technet.microsoft.com/zh-cn/library/ee913586(v=WS.10).aspx

Show Hint

Leave a Reply 1

Your email address will not be published. Required fields are marked *

kurt

kurt

Joe says:
July 20, 2015 at 4:40 pm
The 2 domains do not matter in this example, you just need to know that the claims provider trust is set on the relying party and the relying party trust is set on the claims provider.
The relying party ‘accepts’ connections from the claims provider. The only rule that the claims provider trusts can be given is the acceptance transform rule (this is the only one that can be configured for the claims provider trust)
The claims provider tells users that they are authorized to connect to the relying party, therefore the relying party trust uses the issuance authorization rule (it issues the authorization to the users)

thank u joe.makes it easy to remember

Reply