Exclude Passthrough Claims Transformation


If you want to stop claims that have not been added to the Safewhere*Identify list of claim types from being passed on in the pipeline, you can use the “Exclude Passthrough Claims” Transformation object. It stops any claim that matches the filters set on the Transformation object from passing through.


The Transformation consists of five sections:

Claim Transformation Name: Give the Transformation object a name that will make it easy to recognize when adding to the Pipelines of Authentication and Protocol connections.

Culture: Since expressions may use and compare numbers, the system needs to know which culture is in use so that it can tell whether a comma or a dot indicates the decimal point. Currently only two cultures are supported: Danish (comma is the decimal point) and American (dot is the decimal point). These should cover the needs of other cultures with regard to this issue.

Owner Organization: The organization that the Claim Transformation is added to.

Execute before loading claims from local store: By default, a claim transformation rule is executed after the claims from the local store are loaded for a principal. Check this option to have it execute before the load.

Conditions: It is possible to specify that the Transformation object is applied to a Pipeline only when certain conditions of the token or user are in place, including:

Exclude Passthrough Claims: If there are claims that you do not want to pass through the pipeline, you may add them to this list. If you add only the claim type without a value, all claims in a token with that claim type are filtered out of the token and not passed on. If you also add a value, only claims with that specific value are filtered out of the token. In addition, regular expressions are supported for filtering the values, for example:
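
An added illustration, not Safewhere*Identify code or its configuration syntax: this Python sketch models the three filter modes described above (claim type only, type plus exact value, type plus regular expression) over a constructed token. The class and function names, the claim type URIs, and whole-value regular-expression matching are assumptions made for the sketch.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Claim:
    type: str
    value: str

@dataclass(frozen=True)
class ExcludeRule:
    claim_type: str
    value: Optional[str] = None    # exact value to drop (optional)
    pattern: Optional[str] = None  # regular expression over the value (optional)

    def matches(self, claim: Claim) -> bool:
        if claim.type != self.claim_type:
            return False
        if self.pattern is not None:
            # Assumption: the expression must match the whole value.
            return re.fullmatch(self.pattern, claim.value) is not None
        if self.value is not None:
            return claim.value == self.value
        return True  # type only: every claim of this type is dropped

def exclude_passthrough(claims, rules):
    """Split claims into (passed, dropped) so the dropped ones can be audited."""
    passed, dropped = [], []
    for claim in claims:
        hit = any(rule.matches(claim) for rule in rules)
        (dropped if hit else passed).append(claim)
    return passed, dropped

# Constructed sample token; the claim type URIs and values are made up.
TOKEN = [
    Claim("urn:example:email", "alice@example.com"),
    Claim("urn:example:ssn", "000-00-0000"),
    Claim("urn:example:role", "Admin"),
    Claim("urn:example:role", "Reader"),
    Claim("urn:example:group", "internal-finance"),
    Claim("urn:example:group", "partners-internal-liaison"),
]
RULES = [
    ExcludeRule("urn:example:ssn"),                            # type only
    ExcludeRule("urn:example:role", value="Admin"),            # type + value
    ExcludeRule("urn:example:group", pattern=r"internal-.*"),  # type + regex
]
if __name__ == "__main__":
    for c in exclude_passthrough(TOKEN, RULES)[1]:
        print("dropped:", c)
```

The value `partners-internal-liaison` passes under whole-value matching but would be dropped under substring matching, so a pattern should be checked against a test token before it is relied on to keep a claim away from a relying party.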