Add a Claims-Aware Application

Claims are statements (for example, name, identity, key, group, privilege, or capability) made about users—and understood by both partners in an Active Directory Federation Services (AD FS) federation—that are used for authorization purposes in an application. A claims-aware application is a Microsoft ASP.NET application that has been written using the AD FS class library. This type of application is fully capable of using AD FS claims to make authorization decisions directly. A claims-aware application accepts claims that the Federation Service sends in AD FS security tokens.

Membership in the Administrators local group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at https://go.microsoft.com/fwlink/?LinkId=83477.

You can use the following procedure to add a claims-aware application to the Federation Service trust policy.

To add a claims-aware application

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
  2. In the console tree, double-click Federation Service, Trust Policy, and My Organization.
  3. Right-click Applications, point to New, and then click Application.
  4. On the Welcome to the Add Application Wizard page, click Next.
  5. On the Application Type page, click Claims-aware application, and then click Next.
  6. On the Application Details page, do the following, and then click Next:
     a. In Application display name, type the name of the application.

This URL must match the return URL that is configured on the AD FS Web Agent for this application.