Monday, August 06, 2012

ADFS: Restricting access to an application


Most of the available documentation treats ADFS purely as a claims provider: ADFS issues a set of claims, and the RP (the application) uses that set to decide on access and functionality.

However, there are also claims that restrict access at the ADFS level, before a token is ever issued to the RP.

These are the permit and deny claims (claim types http://schemas.microsoft.com/authorization/claims/permit and http://schemas.microsoft.com/authorization/claims/deny), produced by the Issuance Authorization Rules configured on the relying party trust.

Refer:

Create a Rule to Permit or Deny Users Based on an Incoming Claim

An ADFS Claims Rules Adventure

Introduction to Token Issuance Authorization in AD FS 2.0 RC

If you set these rules up correctly, a user who is not permitted gets an "Access Denied" error from ADFS itself and no token is issued; the application never sees the request. The outcome is decided by the claims produced in the authorization stage: if any deny claim is issued the user is refused; otherwise at least one permit claim must have been issued, and a user who received neither is refused as well.

Two caveats. First, this only gates token issuance: the user still authenticates against ADFS, and a session the application already established with an earlier token is not revoked when a deny rule is added, so the RP should still enforce its own authorization on the claims it receives. Second, replacing the default "Permit Access to All Users" rule with your own rules means anyone who no longer matches a permit rule is locked out, so test with a permitted and a denied account before rolling it out.

Because this is all controlled by the claims rule language, you can build complex IF / AND / OR / NOT scenarios to decide whether or not the user gets access to the application: a single rule with several conditions joined by `&&` expresses AND, several permit rules express OR, `NOT EXISTS([...])` expresses NOT, and `=~` matches a claim value against a regular expression.
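As an added example (not code from the original post), here is a rule set that exercises each of those constructs and attaches it to a relying party trust with the ADFS PowerShell cmdlets. It assumes a trust named "Claims App" and three hypothetical AD group SIDs; all of those are placeholders to replace with your own values.

```powershell
# Added example, not from the original post. Assumes an RP trust named
# "Claims App" and three hypothetical AD group SIDs; replace all of them.
# On AD FS 2.0 (Windows Server 2008 R2) the cmdlets live in a snap-in;
# on later versions the ADFS module auto-loads and this line is not needed.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$rpName         = "Claims App"
$groupSidType   = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"
$authMethodType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod"
$permitType     = "http://schemas.microsoft.com/authorization/claims/permit"
$denyType       = "http://schemas.microsoft.com/authorization/claims/deny"

# Hypothetical group SIDs (look up the real ones with Get-ADGroup).
$appUsersSid    = "S-1-5-21-1111111111-2222222222-3333333333-1105"
$appAdminsSid   = "S-1-5-21-1111111111-2222222222-3333333333-1106"
$contractorsSid = "S-1-5-21-1111111111-2222222222-3333333333-1120"

# ADFS refuses the user if ANY deny claim is issued; otherwise at least one
# permit claim must be issued or the user is refused anyway. The Value of a
# permit/deny claim is not evaluated, only the presence of the claim type.
$authzRules = @"
@RuleName = "NOT: deny anyone who arrived without group SIDs (e.g. via a partner IdP)"
NOT EXISTS([Type == "$groupSidType"])
 => issue(Type = "$denyType", Value = "DenyUsersWithClaim");

@RuleName = "Deny: contractors are refused even if they are also in an allowed group"
c:[Type == "$groupSidType", Value == "$contractorsSid"]
 => issue(Type = "$denyType", Value = "DenyUsersWithClaim");

@RuleName = "OR (1): permit members of the application's user group"
c:[Type == "$groupSidType", Value == "$appUsersSid"]
 => issue(Type = "$permitType", Value = "PermitUsersWithClaim");

@RuleName = "OR (2) + AND: permit admins only when they used integrated Windows auth"
c1:[Type == "$groupSidType", Value == "$appAdminsSid"] &&
c2:[Type == "$authMethodType", Value == "urn:federation:authentication:windows"]
 => issue(Type = "$permitType", Value = "PermitUsersWithClaim");
"@

# Replace the trust's Issuance Authorization Rules (this overwrites the default
# "Permit Access to All Users" rule), then read them back to confirm.
Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $authzRules
(Get-ADFSRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

The authorization rules run against the claims that come out of the claims provider trust's acceptance transform rules, so the group SID and authentication method claims are available here even though the RP's own issuance transform rules have not run yet. After applying the rules, sign in once with an account in each category (user group, admin group with and without Windows authentication, contractor, and an account in none of the groups) and confirm that only the first two reach the application while the rest stop at the ADFS "Access Denied" page.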

Enjoy!
