Hasti Keyvan

Reputation: 1

Can we get the attributes sent by IDP after sending to saml2/ACS in SP return url?

I am implementing SAML authentication in an MVC application using Sustainsys.Saml2.MVC and could successfully navigate the user to the IDP and get the SAML response to saml2/ACS. As I read, we can access the SAML response parameters through the claims, but when I search the claims for ones with the same issuer as the one written in the SAML response, I can't find any. I need to get some attributes that were written in the SAML response to continue the rest of my implementation. Is there a way to get the same SAML response that was sent to saml2/Acs in the returning URL in the application?

Upvotes: 0

Views: 600

Answers (1)

Hasti Keyvan

Reputation: 1

To get the needed attributes from the SAML response that was sent to Saml2/ACS, we need to define the needed attributes when declaring the sustainsys element in web.config. In my case I did it like this:

<nameIdPolicy allowCreate="true" format="Persistent" />
<metadata>
  <requestedAttributes>
    <add friendlyName="email" name="urn:email" nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" isRequired="true" />
    <add friendlyName="xdsuser" name="urn:xdsuser" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"></add>
    <add friendlyName="globaluser" name="urn:globaluser" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"></add>
    <add friendlyName="groups" name="groups" nameFormat="urn:oasis:names:tc:SAML:2.0:assertion" isRequired="true"></add>
    <add name="Minimal" />
  </requestedAttributes>
</metadata>
<identityProviders>
  <add entityId="https://myIDPID" metadataLocation="~/App_Data/IDPConfig.xml" signOnUrl="https://MyIDPSignonUrl" allowUnsolicitedAuthnResponse="true" loadMetadata="true" />
</identityProviders>

Upvotes: 0
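Reading the returned attributes from the signed-in user's claims, as an added example that is not part of the original question or answer. It assumes each SAML attribute surfaces as a claim whose type is the attribute's `name` and whose issuer is the IdP entity ID; the `SamlAttributeReader` helper and all sample values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class SamlAttributeReader
{
    // Entity ID taken from the <identityProviders> entry in the answer's config.
    const string ExpectedIssuer = "https://myIDPID";

    // Returns every value of one SAML attribute, accepting only claims issued by the
    // expected IdP. Assumption: claim.Type == attribute name, claim.Issuer == entity ID.
    public static IReadOnlyList<string> Values(ClaimsPrincipal user, string attributeName)
    {
        return user.Claims
            .Where(c => c.Type == attributeName &&
                        string.Equals(c.Issuer, ExpectedIssuer, StringComparison.Ordinal))
            .Select(c => c.Value)
            .ToList();
    }

    // Single-valued attribute; fails closed when it is missing or ambiguous.
    public static string Required(ClaimsPrincipal user, string attributeName)
    {
        var values = Values(user, attributeName);
        if (values.Count != 1)
            throw new InvalidOperationException(
                $"Expected exactly one '{attributeName}' from {ExpectedIssuer}, got {values.Count}.");
        return values[0];
    }

    static void Main()
    {
        // Constructed identity standing in for the principal available after sign-in.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("urn:email", "user@example.test", ClaimValueTypes.String, ExpectedIssuer),
            new Claim("groups", "admins", ClaimValueTypes.String, ExpectedIssuer),
            new Claim("groups", "auditors", ClaimValueTypes.String, ExpectedIssuer),
            // Same claim type from a different issuer: must be ignored.
            new Claim("groups", "root", ClaimValueTypes.String, "https://other.example.test"),
        }, "Federation");
        var user = new ClaimsPrincipal(identity);

        Console.WriteLine(Required(user, "urn:email"));
        Console.WriteLine(string.Join(",", Values(user, "groups")));
    }
}
```

In an MVC action, pass `ClaimsPrincipal.Current` (or `User as ClaimsPrincipal`) instead of the constructed identity. Matching on the issuer matters more when `allowUnsolicitedAuthnResponse="true"` is set, because the application then accepts responses it did not request.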
