When using federated authentication the identity provider decides solely what
claims to use to populate the incoming identity. If using multiple identity
providers there is very high probability that they will present the same
information in somewhat different ways. That's where the
ClaimsAuthenticationManager fits in. It works as a translation filter,
that can modify or replace the incoming identity as soon as it has been
constructed from the incoming authentication response.
Implement a ClaimsAuthenticationManager by creating a class derived from the
System.Security.Claims.ClaimsAuthenticationManager
class.
Then register it with a
<claimsAuthenticationManager>
element in the configuration if the configuration is loaded from the config file.
If the configuration is done in code (typically for the OWIN middleware) the
ClaimsAuthenticationManager should be registered in
Options.SPOptions.SystemIdentityModelIdentityConfiguration.ClaimsAuthenticationManager.