Dynamic Claim Types
Data about a user is stored in a SQL database (or other attribute store), and that data needs to become part of the claim type rather than the value of the claim.
For example, the properties “Redmond” and “Building3” are stored for the user in the “property” column of a database table.
Desired Result using Dynamic Claim Types:
http://contoso.com/Redmond = “Yes”
http://contoso.com/Building3 = “Yes”
Not Desired Result:
http://contoso.com/property = “Redmond”
http://contoso.com/property = “Building3”
This can be accomplished using two custom claim rules. The first will pull the values stored in the database and place them in a variable claim. The second rule will take those values and use them to dynamically choose the claim types issued. Below is a sample of these two custom claim rules.
Custom Claim Rule 1:
c:[type == "http://contoso.com/name"] => add( store = "Custom SQL store", types = ("variable"), query = "SELECT property FROM users WHERE name='{0}'", param = c.Value );
Assuming there is an incoming “name” claim, query the SQL database for the list of properties stored about that user, and store each property in a “variable” claim.
Custom Claim Rule 2:
c:[type == "variable"] => issue (Type = "http://contoso.com/" + c.Value, Value = "Yes");
Take the value of each variable claim and use it to create the dynamic claim with a value of “Yes”. The rule appends the claim's value to a static string to form the claim type.
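The two rules above, modelled as an added Python example (not part of the original page and not AD FS code). An in-memory SQLite table stands in for the attribute store; the sample rows, the function names and the check that a value is a safe URI path segment before it becomes part of a claim type are assumptions made for illustration.

```python
import re
import sqlite3

BASE = "http://contoso.com/"
# Assumption (not in the page's rule): a value may only become part of a
# claim type if it is a single, safe URI path segment.
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_-]+")

def make_store():
    """Constructed sample attribute store standing in for the SQL database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, property TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "Redmond"), ("alice", "Building3"),
        ("bob", "Redmond"), ("bob", "../admin"),  # constructed bad value
    ])
    return db

def rule1_add(db, claims):
    """Rule 1: for each name claim, add 'variable' claims to the input set."""
    added = []
    for ctype, value in claims:
        if ctype == BASE + "name":
            # The claim value is bound as a parameter, never concatenated.
            rows = db.execute(
                "SELECT property FROM users WHERE name = ?", (value,))
            added += [("variable", row[0]) for row in rows]
    return claims + added

def rule2_issue(claims):
    """Rule 2: issue one claim per 'variable' claim, type built from value."""
    issued = []
    for ctype, value in claims:
        if ctype == "variable" and SAFE_SEGMENT.fullmatch(value):
            issued.append((BASE + value, "Yes"))
    return issued

def evaluate(db, incoming):
    """Run both rules; only claims produced by issue reach the output set."""
    return rule2_issue(rule1_add(db, incoming))

if __name__ == "__main__":
    store = make_store()
    for user in ("alice", "bob"):
        print(user, evaluate(store, [(BASE + "name", user)]))
```

In the claim rule language itself, the same restriction can be written as a regular-expression condition on the variable claim's value using the `=~` operator.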