Sanketh. K. Jain

Reputation: 489

Unable to get all SAML:Attribute

I am trying to implement SSO using MVC.
Below is a part of my sample SAML that is being generated from my organization's ADFS.

<saml:AttributeStatement>
    <saml:Subject>
        <saml:SubjectConfirmation>
            <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
        </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Attribute AttributeName="upn" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
        <saml:AttributeValue>[email protected]</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
        <saml:AttributeValue>[email protected]</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
        <saml:AttributeValue>Sanketh K Jain</saml:AttributeValue>
    </saml:Attribute>
</saml:AttributeStatement>

This is how I am trying to get the 3 attributes:

Controller

ViewBag.User = Thread.CurrentPrincipal.Identity as Microsoft.IdentityModel.Claims.ClaimsIdentity;

View

@{
    Microsoft.IdentityModel.Claims.ClaimsIdentity user = ViewBag.User;
    <span>@user.Name</span><br />
    foreach(var c in user.Claims)
    {
        <span>@c.ClaimType --- </span>
        <span>@c.Value</span>
        <br />
    }
}

Before you ask, I am not using any middleware, like OWIN. Just a few changes in the Web.config file.

But with this approach, my output only gives me

Sanketh K Jain
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name --- Sanketh K Jain

I would like to know why the other claims, such as upn and emailaddress, aren't being accessed by the claims. I am fairly certain that there is nothing wrong in the ADFS implementation, but in case there is, please feel free to advise me on a better approach.

Upvotes: 1

Views: 386

Answers (1)

papanoel49

Reputation: 11

In your controller, I think you should use Microsoft.IdentityModel.Claims, and in your view, loop through Claims.

For example, for the email address, you can check with: c.ClaimType == ClaimTypes.Email.

Upvotes: 1
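A diagnostic for the situation in the question, added here as an example (it is not code from the question or the answer): it lists the claim types a SAML 1.x AttributeStatement should produce and reports which of them the identity does not carry. The class and method names are hypothetical, the sample values are constructed, and the claim-type mapping (AttributeNamespace + "/" + AttributeName) is assumed from the question's own output for `name`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

public static class SamlAttributeCheck
{
    // SAML 1.x assertion namespace (the question's ConfirmationMethod URN is SAML 1.0).
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:1.0:assertion";

    // Claim type -> values for each saml:Attribute. Assumes the claim type is
    // AttributeNamespace + "/" + AttributeName, as the question's output shows for "name".
    public static Dictionary<string, List<string>> ExpectedClaims(string xml)
    {
        return XDocument.Parse(xml).Descendants(Saml + "Attribute")
            .GroupBy(a => ((string)a.Attribute("AttributeNamespace") ?? "").TrimEnd('/')
                          + "/" + (string)a.Attribute("AttributeName"))
            .ToDictionary(
                g => g.Key,
                g => g.SelectMany(a => a.Elements(Saml + "AttributeValue"))
                      .Select(v => v.Value).ToList());
    }

    // Expected claim types that the identity handed to the application does not carry.
    public static List<string> Missing(IEnumerable<string> expected, IEnumerable<string> actual)
    {
        var have = new HashSet<string>(actual, StringComparer.Ordinal);
        return expected.Where(t => !have.Contains(t)).ToList();
    }

    public static void Main()
    {
        const string ns = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
        // Constructed fragment shaped like the one in the question; values are made up.
        string xml =
            "<saml:AttributeStatement xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\">" +
            Attr("upn", ns, "user@example.test") +
            Attr("emailaddress", ns, "user@example.test") +
            Attr("name", ns, "Example User") +
            "</saml:AttributeStatement>";
        var expected = ExpectedClaims(xml);
        // In the MVC app, replace this with user.Claims.Select(c => c.ClaimType).
        var actual = new[] { ns + "/name" };
        foreach (var t in Missing(expected.Keys, actual))
            Console.WriteLine("not in identity: " + t + " = " + string.Join(", ", expected[t]));
    }

    static string Attr(string name, string ns, string value)
    {
        return "<saml:Attribute AttributeName=\"" + name + "\" AttributeNamespace=\"" + ns + "\">" +
               "<saml:AttributeValue>" + value + "</saml:AttributeValue></saml:Attribute>";
    }
}
```

If a type is reported as missing, the attribute was present in the assertion but did not reach `user.Claims`, which points at the relying-party side rather than at what ADFS issued.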
