Claims from Different Providers

This is a compilation of claims that are sent from different providers when using Windows Azure Access Control Service.

Windows Live ID

The only two claims from Windows Live ID are:

Claim Type Example Value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name iLO4AOwdo6pSpVSmKYiwL4/xIBGYHl/5f7vV/km/2lg=
http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider uri:WindowsLiveID

Google

Claim Type Example Value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier https://www.google.com/accounts/o8/id?id=AItOawlREZ6oNiBdgeonz18vU93d2KqfH3VhH7o
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress henrik.olsson@somedomain.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name Henrik Olsson
http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider Google

ADFS 2.0

With ADFS 2.0, you can configure which AD attributes are mapped using claim rules. This is a sample mapping:

LDAP Attribute Outgoing Claim Type Example Value
  http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows
Display-Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name Henrik Olsson
E-Mail-Addresses http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress henrik.olsson@somedomain.com
User-Principal-Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn holsson@somedomain.com
Token-Groups – Unqualified names http://schemas.microsoft.com/ws/2008/06/identity/claims/role Domain Users
SAM-Account-Name http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname holsson
Advertisements