If you want to prevent claims that have not been added to the Safewhere*Identify list of claim types from being passed on in the pipeline, you can use the “Exclude Passthrough Claims” Transformation object. It stops any claim that matches the Transformation object's filters from passing through.
The Transformation consists of five sections:
Claim Transformation Name: Give the Transformation object a name that will make it easy to recognize when adding to the Pipelines of Authentication and Protocol connections.
Culture: Since expressions may use and compare numbers, the system needs to know which culture is used in order to know whether a comma or a dot indicates the decimal point. Currently only two cultures are supported, Danish (comma is decimal point) and American (dot is decimal point). These should cover the needs of other cultures with regard to this issue.
Owner Organization: The organization that the Claim Transformation is added to.
Execute before loading claims from local store: By default, a claim transformation rule is executed after claims from the local store are loaded for a principal. Check this option to let it execute before the load.
Conditions: It is possible to specify that the Transformation object is only applied to a Pipeline when certain conditions of the token or user are in place, including:
- The option to skip the Transformation step when the token belongs or does not belong to a user identified as existing in the Safewhere*Identify repository.
- The option to specify that the Transformation object is not applied when the token is processed via a specific Authentication Connection or Protocol Connection.
- The option to specify regular expressions that define which tokens are to be exposed to the transformation step. Please see the Using Regular Expressions in Claim Transformation Conditions section to learn more.
Exclude Passthrough Claims: If there are claims that you do not want to pass through the pipeline, you may add them to this list. If you only add the claim type without a value, then all claims in a token with that claim type will be filtered out of the token and not passed on. If you also add a value, then only claims with that specific value will be filtered out of the token. In addition, regular expressions are supported for filtering the values, for example:
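
The matching rules described for the Exclude Passthrough Claims list, modelled in Python as an added illustration; it is not Safewhere*Identify code or its configuration syntax. The claim type URIs, the `is_regex` flag, exact claim type comparison and whole-value regular expression matching are assumptions made for this sketch.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Claim:
    type: str
    value: str

@dataclass(frozen=True)
class ExcludeRule:
    claim_type: str
    value: Optional[str] = None   # no value: every claim of this type is excluded
    is_regex: bool = False        # hypothetical flag: treat `value` as a pattern

    def matches(self, claim: Claim) -> bool:
        if claim.type != self.claim_type:   # assumption: exact, case-sensitive type match
            return False
        if not self.value:
            return True
        if self.is_regex:
            # Assumption: the pattern must cover the whole value (anchored match).
            return re.fullmatch(self.value, claim.value) is not None
        return claim.value == self.value

def exclude_passthrough(claims: List[Claim],
                        rules: List[ExcludeRule]) -> Tuple[List[Claim], List[Claim]]:
    """Return (kept, dropped); dropped is returned so the filtering can be audited."""
    kept, dropped = [], []
    for claim in claims:
        hit = any(rule.matches(claim) for rule in rules)
        (dropped if hit else kept).append(claim)
    return kept, dropped

# Constructed claim types and values, for illustration only.
EMAIL, SSN = "urn:example:claims/email", "urn:example:claims/ssn"
ROLE, GROUP = "urn:example:claims/role", "urn:example:claims/group"
TOKEN = [Claim(EMAIL, "alice@example.com"), Claim(SSN, "000-00-0000"),
         Claim(ROLE, "Administrator"), Claim(ROLE, "Reader"),
         Claim(GROUP, "internal-finance"), Claim(GROUP, "partner-internal-audit")]
RULES = [ExcludeRule(SSN),                                   # type only
         ExcludeRule(ROLE, "Administrator"),                 # type + exact value
         ExcludeRule(GROUP, r"internal-.*", is_regex=True)]  # type + value pattern

if __name__ == "__main__":
    kept, dropped = exclude_passthrough(TOKEN, RULES)
    for c in kept:
        print("pass", c.type, c.value)
    for c in dropped:
        print("drop", c.type, c.value)
```

Under the anchored-match assumption the `partner-internal-audit` group claim is passed on, so a value pattern should be tested against sample tokens before relying on it to strip a claim.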