Claims
The Claims node is used to view and administer configuration information about how Claims Issuers map to K2 security labels, and what types of claims are used from the token.
On this page you can Add, Edit, Delete and Refresh Security Labels for Claims Issuers. Click on a Security Label from the Security Labels list to view the associated Claims for that Security Label.
Follow these steps to associate a Security Label with a new Claims Issuer:
-
Click New from the Security Labels view.
- On the New Claim Mapping page, enter values in the fields for the new Security Label. Use the table below the image for guidance in configuring the claim mapping.
Field Description Security Label The security label that the issuer is associated with. (For information about registering a custom label, see KB000186.) Whatever you select here for the label will prepend that value to users from this Identity Provider. You should have a single IdP mapped to a single label. You can have multiple claim type mappings using a single label, however for this to work in K2 the user manager must be able to resolve back to the IdPs Issuer Select the issuer associated with the Claim Mapping. (If you don't see any issuers in here you either do not have any issuers configured, or they are already mapped to a label.) Claim Type Info When you have multiple claims mappings associated with a single label, you must use the Claim Type Info setting to indicate which claims mappings contain SharePoint users. The Claims Type Info setting is used in this scenario to indicate that the mappings associated with the Windows claims mapping when resolving users in groups must not be used, because the other mapping (AD FS or some other IdP) contained the user information. In SharePoint 2013 this setting is used in the same capacity. Even though Nintex K2 trusts the issuers (STSs) directly, and there will typically be a single claim mapping per label, if the Claim Type Info setting is not true then users associated with that IdP will not be resolved from SharePoint groups. Name Identity Issuer The name identity issuer (NII) associated with the issuer. The value is case-sensitive. For example, Windows (AD) is urn:office:idp:activedirectory. User Token Identifier The identifier that SharePoint uses to identify users. For example, Windows (AD) is i:0#.w.
(User Token Identifier is only used when handling claims tokens from SharePoint)Group Token Identifier The identifier SharePoint uses to identify groups. For example, Windows (AD) is c:0+.w.
(Group Token Identifier is only used when handling claims tokens from SharePoint)Identity Provider > Original Issuer The original issuer of the claim. Corresponds to the Issuer Name column. For example, Windows (AD) by default is WindowsSTS. Identity Provider > Claim Type The claim type for the identity provider. For example, Windows (AD) is http://schemas.microsoft.com/identity/claims/identityprovider. Identity Provider > Claim Value The claim value for the identity provider. For example, Windows (AD) is WindowsSTS. Identity > Original Issuer The original issuer for the identity claim. For example, Windows (AD) is AD AUTHORITY. Identity > Claim Type The claim type for the identity claim. For example, Windows (AD) is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name. Identity > Claim Value The claim value for the identity claim. This is typically left blank (null) but may require a value. Security Label > Original Issuer The original issuer for the security label. This is typically only required when using the FormsSTS and when the Designer site is configured to use multiple authentication methods. Security Label > Claim Type The claim type for the security label. Security Label > Claim Value The claim value for the security label. - Click OK.
Follow these steps to edit a Security Label:
-
Select the Security Label you want to edit. The Edit button becomes available.
- Click Edit
- Change the values you want to edit using the table in add as a guide. Click OK.
Follow these steps to delete a Security Label:
-
Select the Security Label you want to delete. The Delete button becomes available.
- Click Delete.
- Click OK to confirm that you want to delete the Claim Type Mapping.
The Refresh button refreshes the Security Labels list after changes have been applied.
Claims
The Claims view displays a list of claims mapped to the selected Security Label. For more information on Claims, see KB002027.