You can also configure any number of claims in Name=Value format. These name/value pairs are often named role claims.
Role claims are found by reading a configurable attribute on the user record in your user directory. You can then assign any name you want for the claim. For example, you can name a claim “userrole” and configure it to point to the “employeeType” attribute in your LDAP directory.
After authentication, the Agent for SharePoint creates a name/value pair such as “userrole=manager” for the claim. If the “employeeType” attribute for the authenticated user contains the value “manager”, SharePoint allows the user access to the resource.
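The following sketch is an added example, not code from CA SiteMinder or SharePoint. It models the mapping described above, from a directory attribute to a named claim to an access decision. The function names, the sample records, the one-claim-per-value handling of multi-valued attributes and the exact-match check are all assumptions made for illustration.

```python
# Added illustration: models the attribute-to-claim mapping described above.
# It is not CA SiteMinder or SharePoint code; all names here are hypothetical.

# Claim name -> directory attribute it reads (the page's example mapping).
CLAIM_MAP = {"userrole": "employeeType"}

# Constructed sample directory records (attribute values are lists, as in LDAP).
USERS = {
    "alice": {"cn": ["Alice"], "employeeType": ["manager"]},
    "bob": {"cn": ["Bob"], "employeeType": ["contractor", "auditor"]},
    "carol": {"cn": ["Carol"]},  # mapped attribute is absent
}


def build_role_claims(record, claim_map=CLAIM_MAP):
    """Return a list of (name, value) claims for one authenticated user."""
    claims = []
    for claim_name, attribute in claim_map.items():
        for attr, values in record.items():
            # LDAP attribute names are case-insensitive; match accordingly.
            if attr.lower() != attribute.lower():
                continue
            for value in values:
                value = value.strip()
                if value:  # skip empty values rather than emit "userrole="
                    claims.append((claim_name, value))
    return claims


def format_claims(claims):
    """Render claims in the Name=Value form used on this page."""
    return [f"{name}={value}" for name, value in claims]


def is_authorized(claims, required_name, required_value):
    """Deny by default: access requires an exact claim match (assumption)."""
    return (required_name, required_value) in claims


if __name__ == "__main__":
    for user, record in USERS.items():
        claims = build_role_claims(record)
        allowed = is_authorized(claims, "userrole", "manager")
        print(user, format_claims(claims), "allowed" if allowed else "denied")
```

In this sketch a user whose record lacks the mapped attribute receives no claim at all, so any rule keyed on that claim denies them.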
Copyright © 2013 CA.
All rights reserved.