Which rule types should you configure on each side of t…

DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain
controllers run Windows Server 2012 R2.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with
access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust.
The solution must meet the following requirements:
In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.
In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group
membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used
once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:

DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain
controllers run Windows Server 2012 R2.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com users with
access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated trust.
The solution must meet the following requirements:
In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.
In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group
membership as the claim type.
The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may be used
once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:

Answer:

Explanation:
* Acceptance transform rule set
A set of claim rules that you use on a particular claims provider trust to specify the incoming claims that will be
accepted from the claims provider organization and the outgoing claims that will be sent to the relying party
trust.
Used on: Claims provider trusts
* Issuance Authorization Rule Set
A set of claim rules that you use on a relying party trust to specify the claims that will be issued to the relying
party.
Used on: Relying party trusts



Leave a Reply 1

Your email address will not be published. Required fields are marked *


fiber

fiber

Right,

copied from another answer in this site:

The 2 domains do not matter in this example, you just need to know that the claims provider trust is set on the relying party and the relying party trust is set on the claims provider.

The relying party ‘accepts’ connections from the claims provider. The only rule that the claims provider trusts can be given is the acceptance transform rule (this is the only one that can be configured for the claims provider trust)

The claims provider tells users that they are authorized to connect to the relying party, therefore the relying party trust uses the issuance authorization rule (it issues the authorization to the users)