Claims X-Ray
Claims X-Ray is an online service that can be used to debug and troubleshoot problems with claims issuance. It will interact with your AD FS deployment and help you issue the claims that you need for your applications.

Choose between different authentication methods and request types, and we will show you all of the claims returned by your federation service. You can use this to fully customize your policies to get the claims you need.
  • Federation Services Configuration
    In order to use Claims X-Ray, you must create a relying party trust for the service in your federation deployment. You can customize the claim rules to whatever you want to test. We've provided an example below that will display all claims.
    1. Log into the primary node of your federation service
    2. Launch an elevated PowerShell session
    3. Create the Claims X-Ray relying party trust





    In order to use oAuth with Claims X-Ray, you must create an oAuth client for the service in your federation deployment.
    This functionality is only available on Windows Server 2012 R2 and above, and it requires that your federation service is available on the extranet.
    1. Log into the primary node of your federation service
    2. Launch an elevated PowerShell session
    3. Create the oAuth client


  • Claims X-Ray
    In order to perform an x-ray on your claims, we need you to provide us with some information. Once you've made your selections, we will open a new browser tab, redirect to your service, obtain a token, and finally display your claims.
    1. Specify your federation service name
    2. Select the authentication method
    3. Select the token request type
    Note: if you want to force fresh authentication for your request, you need to turn that feature on using the toggle switch below.

    Choose how you want to use the x-ray service.
    Federation instance:
    https://
    Authentication type
    Token Request


    By clicking on Test Authentication you agree to our Terms of Use and Privacy Agreement.