A reference table for working with SharePoint claims encoding.

Claims encoding format

SharePoint 2013 and SharePoint 2010 display identity claims with the following encoding format:
<IdentityClaim>:0<ClaimType><ClaimValueType><AuthMode>|<OriginalIssuer(optional)>|<ClaimValue>
 
Each component is explained below:

<IdentityClaim>

Indicates the type of claim and could be one of the following:

• “i” for an identity claim
• “c” for any other claim

<ClaimType>

Indicates the format for the claim value and could be one of the following:

• “#” for a user logon name
• “.” for an anonymous user
• “5” for an email address
• “!” for an identity provider
• “+” for a Group security identifier (SID)
• “–” for a role
• “%” for a farm ID
• “?” for a name identifier
• “\” for a private personal identifier (PPID)
• “e” for a user principal name (UPN)
• ““” for a user ID
• “$” for a distribution list security identifier (SID)
• “&” for a process identity security identifier (SID)
• “‘” for a process identity logon name
• “(” for an authenticated user
• “)” for a primary security identifier (SID)
• “*” for a primary group security identifier (SID)
• “0” for an authorization decision
• “1” for a country
• “2” for a date of birth
• “3” for a deny only security identifier (SID)
• “4” for DNS
• “6” for a gender
• “7” for a given name
• “8” for a hash
• “9” for a home phone
• “<” for a locality
• “=” for a mobile phone
• “>” for a name
• “@” for other phone
• “[” for a postal code
• “]” for RSA
• “^” for a secure identifier (SID)
• “_” for a service principal name (SPN)
• “`” for a state or province
• “a” for a street address
• “b” for a surname
• “c” for a system
• “d” for a thumbprint
• “f” for a uniform resource name (URI)
• “g” for a web page

<ClaimValueType>

Indicates the type of formatting for the claim value and could be one of the following:

• “.” for a string
• “+” for an RFC 822-formatted name
• “)” for an integer
• ““” for a Boolean
• “#” for a date
• “$” for a date with time
• “&” for a double
• “!” for a Base64 formatted binary
• “0” for a X.500 formatted name

<AuthMode>

Indicates the type of authentication used to obtain the identity claim and could be one of the following:

• “w” for Windows claims (no original issuer)
• “s” for the local SharePoint security token service (STS) (no original issuer)
• “t” for a trusted issuer
• “m” for a membership issuer
• “r” for a role provider issuer
• “f” for forms-based authentication
• “c” for a claim provider

<OriginalIssuer>

Indicates the original issuer of the claim.

<ClaimValueType>

Indicates the value of the claim in the <ClaimType> format.

Some examples

1. Windows user

i:0#.w|contoso\chris

• “i” for an identity claim
• “#” for the user logon name format for the claim value
• “.” for a string
• “w” for Windows claims
• “contoso\chris” for the identity claim value (the Windows account name)

2. Windows authenticated users group

c:0!.s|windows

• “c” for a claim other than identity
• “!” for an identity provider
• “.” for a string
• “s” for the local SharePoint STS
• “windows” for the Windows Authenticated Users group

3. SAML authentication (trusted user)

i:05.t|adfs|chris@contoso.com

• “i” for an identity claim
• “5” for the email address format for the claim value
• “.” for a string
• “t” for a trusted issuer
• “adfs” identifies the original issuer of the identity claim
• “chris@contoso.com” for the identity claim value

4. Forms-based authentication

i:0#.f|mymembershipprovider|chris

• “i” for an identity claim
• “#”for the user logon name format for the claim value
• “.” for string
• “f” for forms-based authentication
• “mymembershipprovider” identifies the original issuer of the identity claim
• “chris” for the user logon name