Freigeben über


SAML Claims User Id Format

I was working with a customer and shared this information about the format in which user identity claims (aka user id) appears in any Claims based site. I shared below information with the customer and it appeared they didn't know about this until then. Sharing this information here for the greater community.

SharePoint 2013 and SharePoint 2010 display identity claims with the following encoding format:

<IdentityClaim>:0<ClaimType><ClaimValueType><AuthMode>|<OriginalIssuer (optional)>|<ClaimValue>

Example: i:05.t|saml provider|spuserid@contoso.lab

Where:

- <IdentityClaim> indicates the type of claim and is the following:

“**i**” for an identity claim
  • c” for any other claim
    -
    <ClaimType> indicates the format for the claim value and
    is the following: -
    # ” for a user logon name -
    . ” for  an anonymous user -
    5” for an email address -
    ! ” for an identity provider -
    + ” for a Group security identifier (SID) -
    - “ for a role -
    % ” for a farm ID -
    ? ” for a name identifier -
    " \ " for a private personal identifier (PPID)
    -
    <ClaimValueType> indicates the type of formatting for the
    claim value and is the following: -
    . ” for a string -
    + ” for an RFC 822-formatted name
    -
    <AuthMode> indicates the type of authentication used to
    obtain the identity claim and is the following: -
    w” for Windows claims (no original issuer) -
    s” for the local SharePoint security token service (STS)
    (no original issuer) -
    t” for a trusted issuer -
    m” for a membership issuer -
    r” for a role provider issuer -
    f” for forms-based authentication -
    c” for a claim provider
    -
    <OriginalIssuer> indicates the original issuer of the
    claim. -
    <ClaimValueType> indicates the value of the claim in the
    <ClaimType> format.