Freigeben über


Azure AppFabric Access Control Service (ACS) v2 Token Transformation Rules

Azure AppFabric Access Control Service (ACS) v2 provides powerful feature of token transformation. It gives you ability to transform a token by adding new claims or changing claims that come with the original token. Consider the following generic architecture of ACS:

Azure AppFabrice (ACS) Architecture

Notice that the token received from IdP (Identity Provider), colored green, is different from the token received from ACS, colored blue. The transformation is done by ACS and its behavior can be controlled by using Rules and Rule Groups.

Each rule describes specific transformation. Rules are not directly associated with your application. Rules aggregated into Rule Groups, Rule Groups applied to your application (Relying Party). Consider the following diagram:

ACS Token Transformation Rules and Rule Groups

The process of creating token transformation can be described be as follows:

  1. Create transformation Rules.
  2. Aggregate relevant rules into Rule Group.
  3. Apply relevant Rule Groups to Relying Party.