Anna Forrest

Reputation: 1741

Kentor AuthServices/Owin - handling the response from the identity provider

I have a working configuration to authenticate against Azure AD using KentorAuthServices & Owin, but I need to know some basic information about the user that has just logged in. When I used WSFed as the authentication service I could simply handle the SecurityTokenValidated notification as per below. How do I do similarly with KentorAuthServices? I don't see an appropriate notification to pull this information. All I need is the username/email address the user logged in with.

    Notifications = new WsFederationAuthenticationNotifications
    {
        SecurityTokenValidated = context =>
        {
            string username = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;

            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(60), true, "");
            String encryptedTicket = FormsAuthentication.Encrypt(authTicket);
            context.Response.Cookies.Append(FormsAuthentication.FormsCookieName, encryptedTicket);
            return Task.FromResult(0);
        }
    }

ETA: Doing some more digging I believe AcsCommandResultCreated is the notification that I want to hook into - but this never fires?

Upvotes: 0

Views: 362

Answers (1)

Anders Abel

Reputation: 69260

All the information in the SAML Response is converted to claims in the resulting identity. If you are using the default template with ASP.Net Identity you can access the external identity in the ExternalLoginCallback action on the AccountController.

The AcsCommandResultCreated notification should definitely be fired on a successful login. Try enabling the Katana logging and see if the login sequence is aborted due to an error.

Upvotes: 2
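
Since the answer says the SAML Response arrives as claims on the external identity, here is an added example (not code from the question, the answer or the AuthServices project) of picking the login name out of that identity, for instance inside ExternalLoginCallback, without assuming any single claim is present. Assumptions: the class and method names are hypothetical, the preference order of claim types is a choice made here, and the claims are expected to carry the identity provider's entity ID as their Issuer.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ExternalLoginName // hypothetical helper, not part of any library
{
    // Claim types tried in order. NameIdentifier comes last because a SAML
    // NameID may be an opaque identifier rather than a login name.
    static readonly string[] Preferred =
    {
        ClaimTypes.Email, ClaimTypes.Upn, ClaimTypes.Name, ClaimTypes.NameIdentifier
    };

    // Returns the first non-empty preferred claim issued by expectedIssuer,
    // or null when the identity carries none. FindFirst(...).Value would throw
    // a NullReferenceException in that case.
    public static string Resolve(ClaimsIdentity identity, string expectedIssuer)
    {
        if (identity == null || !identity.IsAuthenticated) return null;
        foreach (var type in Preferred)
        {
            var claim = identity.FindAll(type).FirstOrDefault(c =>
                !string.IsNullOrWhiteSpace(c.Value) &&
                string.Equals(c.Issuer, expectedIssuer, StringComparison.Ordinal));
            if (claim != null) return claim.Value.Trim();
        }
        return null;
    }

    public static void Main()
    {
        // Constructed sample identity: the issuer and all values are placeholders.
        const string idp = "https://idp.example.test/entity";
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "opaque-id-123", ClaimValueTypes.String, idp),
            // Email claim from a different issuer: skipped by the issuer check.
            new Claim(ClaimTypes.Email, "other@example.test", ClaimValueTypes.String, "LOCAL AUTHORITY"),
            new Claim(ClaimTypes.Name, "user@example.test", ClaimValueTypes.String, idp),
        }, "Federation");

        Console.WriteLine(Resolve(identity, idp) ?? "(no usable claim)");
        // An unauthenticated identity yields null instead of an exception.
        Console.WriteLine(Resolve(new ClaimsIdentity(), idp) ?? "(no usable claim)");
    }
}
```

A null result is the signal to reject the sign-in or ask the identity provider administrator to release a name or email claim, rather than issuing a cookie for an empty username.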
