
Technical Notes Of
Ehi Kioya


Claims encoding reference for SharePoint 2010 and 2013

By Ehi Kioya

A reference table for working with SharePoint claims encoding.

Claims encoding format

SharePoint 2013 and SharePoint 2010 display identity claims with the following encoding format:
<IdentityClaim>:0<ClaimType><ClaimValueType><AuthMode>|<OriginalIssuer(optional)>|<ClaimValue>
 
Each component is explained below:

<IdentityClaim>

Indicates the type of claim and could be one of the following:

  • “i” for an identity claim
  • “c” for any other claim

<ClaimType>

Indicates the format for the claim value and could be one of the following:

  • “#” for a user logon name
  • “.” for an anonymous user
  • “5” for an email address
  • “!” for an identity provider
  • “+” for a Group security identifier (SID)
  • “-” for a role
  • “%” for a farm ID
  • “?” for a name identifier
  • “\” for a private personal identifier (PPID)
  • “e” for a user principal name (UPN)
  • “"” for a user ID
  • “$” for a distribution list security identifier (SID)
  • “&” for a process identity security identifier (SID)
  • “'” for a process identity logon name
  • “(” for an authenticated user
  • “)” for a primary security identifier (SID)
  • “*” for a primary group security identifier (SID)
  • “0” for an authorization decision
  • “1” for a country
  • “2” for a date of birth
  • “3” for a deny only security identifier (SID)
  • “4” for DNS
  • “6” for a gender
  • “7” for a given name
  • “8” for a hash
  • “9” for a home phone
  • “<” for a locality
  • “=” for a mobile phone
  • “>” for a name
  • “@” for other phone
  • “[” for a postal code
  • “]” for RSA
  • “^” for a secure identifier (SID)
  • “_” for a service principal name (SPN)
  • “`” for a state or province
  • “a” for a street address
  • “b” for a surname
  • “c” for a system
  • “d” for a thumbprint
  • “f” for a uniform resource name (URI)
  • “g” for a web page

<ClaimValueType>

Indicates the type of formatting for the claim value and could be one of the following:

  • “.” for a string
  • “+” for an RFC 822-formatted name
  • “)” for an integer
  • “"” for a Boolean
  • “#” for a date
  • “$” for a date with time
  • “&” for a double
  • “!” for a Base64 formatted binary
  • “0” for an X.500 formatted name

<AuthMode>

Indicates the type of authentication used to obtain the identity claim and could be one of the following:

  • “w” for Windows claims (no original issuer)
  • “s” for the local SharePoint security token service (STS) (no original issuer)
  • “t” for a trusted issuer
  • “m” for a membership issuer
  • “r” for a role provider issuer
  • “f” for forms-based authentication
  • “c” for a claim provider

<OriginalIssuer>

Indicates the original issuer of the claim.

<ClaimValue>

Indicates the value of the claim in the <ClaimType> format.

Some examples

1. Windows user

i:0#.w|contoso\chris

  • “i” for an identity claim
  • “#” for the user logon name format for the claim value
  • “.” for a string
  • “w” for Windows claims
  • “contoso\chris” for the identity claim value (the Windows account name)

2. Windows authenticated users group

c:0!.s|windows

  • “c” for a claim other than identity
  • “!” for an identity provider
  • “.” for a string
  • “s” for the local SharePoint STS
  • “windows” for the Windows Authenticated Users group

3. SAML authentication (trusted user)

i:05.t|adfs|chris@contoso.com

  • “i” for an identity claim
  • “5” for the email address format for the claim value
  • “.” for a string
  • “t” for a trusted issuer
  • “adfs” identifies the original issuer of the identity claim
  • “chris@contoso.com” for the identity claim value

4. Forms-based authentication

i:0#.f|mymembershipprovider|chris

  • “i” for an identity claim
  • “#” for the user logon name format for the claim value
  • “.” for a string
  • “f” for forms-based authentication
  • “mymembershipprovider” identifies the original issuer of the identity claim
  • “chris” for the user logon name
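
The same decoding can be done programmatically, for example when reviewing permission exports or audit logs that contain encoded claims. The decoder below is an added example, not code from the original article; the names `decode_claim` and `Claim` are assumptions, and the lookup tables are transcribed from the lists above.

```python
from typing import NamedTuple, Optional

# Lookup tables transcribed from the reference lists on this page.
CLAIM_TYPES = {
    "#": "user logon name", ".": "anonymous user", "5": "email address",
    "!": "identity provider", "+": "group SID", "-": "role", "%": "farm ID",
    "?": "name identifier", "\\": "PPID", "e": "UPN", '"': "user ID",
    "$": "distribution list SID", "&": "process identity SID",
    "'": "process identity logon name", "(": "authenticated user",
    ")": "primary SID", "*": "primary group SID", "0": "authorization decision",
    "1": "country", "2": "date of birth", "3": "deny only SID", "4": "DNS",
    "6": "gender", "7": "given name", "8": "hash", "9": "home phone",
    "<": "locality", "=": "mobile phone", ">": "name", "@": "other phone",
    "[": "postal code", "]": "RSA", "^": "SID", "_": "SPN",
    "`": "state or province", "a": "street address", "b": "surname",
    "c": "system", "d": "thumbprint", "f": "URI", "g": "web page",
}
VALUE_TYPES = {".": "string", "+": "RFC 822 name", ")": "integer",
               '"': "Boolean", "#": "date", "$": "date with time",
               "&": "double", "!": "Base64 binary", "0": "X.500 name"}
AUTH_MODES = {"w": "Windows claims", "s": "local SharePoint STS",
              "t": "trusted issuer", "m": "membership issuer",
              "r": "role provider issuer", "f": "forms-based authentication",
              "c": "claim provider"}

class Claim(NamedTuple):
    is_identity: bool
    claim_type: str
    value_type: str
    auth_mode: str
    issuer: Optional[str]
    value: str

def decode_claim(encoded: str) -> Claim:
    """Decode one encoded claim; raise ValueError on anything malformed."""
    header, sep, rest = encoded.partition("|")
    if len(header) != 6 or header[0] not in "ic" or header[1:3] != ":0" or not sep:
        raise ValueError(f"not an encoded claim: {encoded!r}")
    try:
        ctype, vtype, mode = (CLAIM_TYPES[header[3]], VALUE_TYPES[header[4]],
                              AUTH_MODES[header[5]])
    except KeyError as exc:
        raise ValueError(f"unknown code {exc.args[0]!r} in {encoded!r}") from None
    issuer = None
    if header[5] not in "ws":  # "w" and "s" carry no original issuer
        issuer, sep, rest = rest.partition("|")
        if not sep:
            raise ValueError(f"missing original issuer in {encoded!r}")
    return Claim(header[0] == "i", ctype, vtype, mode, issuer, rest)
```

Codes that are not in the tables are rejected rather than guessed, so a string that merely resembles a claim does not get silently treated as an identity.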

Filed Under: SharePoint Tagged With: Claims Encoding, SharePoint

© 2022   ·   Ehi Kioya   ·   All Rights Reserved