Description—You have configured claims-based authorization for a published application using claim types provided by an AD FS 2.0 authentication server that is not configured for trunk authentication, and you receive the following message: "The application 'application_name' in trunk 'trunk_name' uses authorization rules based on claims from authentication servers that are not configured for trunk authentication. Remove these rules from the application configuration."

Cause—You can configure claims-based authorization only when using federated trunk authentication and only using claim types from the AD FS 2.0 authentication server that is being used for trunk authentication.

Solution—To remove authorization rules from the application configuration:

  1. In the Forefront UAG Management console, click the trunk through which the application is published. In the Applications list, click the application, and then click Edit.
  2. On the Application Properties dialog box, click the Authorization tab.
    Each rule that uses an AD FS 2.0 server is listed in the format: <AD_FS_2.0_Application_Name>:<claim_type_URI> [claim_value], where AD_FS_2.0_Application_Name is the application name of the configured AD FS 2.0 server.
  3. For each rule that uses a claim type from an AD FS 2.0 server that is not used for trunk authentication, click the rule, and then click Remove.
  4. After removing the relevant rules, click OK, and then activate the configuration.