Last post May 29, 2014 08:02 AM by programmer09
May 28, 2014 06:41 AM|programmer09|LINK
I am returning 2 Claims from the STS Application (Name & Role) but the RP is only showing 1 claim (Name).
FederationMetadata.xml is issuing those two claims. What am I missing?
My STS code looks like this:
protected override IClaimsIdentity GetOutputClaimsIdentity( IClaimsPrincipal principal, RequestSecurityToken request, Scope scope )
{
    if ( null == principal )
        throw new ArgumentNullException( "principal" );
    ClaimsIdentity outputIdentity = new ClaimsIdentity();
    outputIdentity.Claims.Add( new Claim( System.IdentityModel.Claims.ClaimTypes.Name, principal.Identity.Name ) );
    outputIdentity.Claims.Add( new Claim( ClaimTypes.Role, "Manager" ) );
    return outputIdentity;
}
And from RP I am consuming Claims on load like this:
IClaimsPrincipal claimsPrincipal = Page.User as IClaimsPrincipal;
IClaimsIdentity claimsIdentity = ( IClaimsIdentity )claimsPrincipal.Identity;
But my IClaimsIdentity contains only 1 Claim.
I need to consume all the claims that are returned from STS in my RP Application.
May 28, 2014 07:39 AM|BrockAllen|LINK
In the RP do you have a claims authentication manager registered that's removing the claims?
May 28, 2014 08:30 AM|programmer09|LINK
I couldn't find anything like authentication manager in web.config.
Could you please let me know where to find authentication manager?
May 28, 2014 08:36 AM|BrockAllen|LINK
Yes, it would probably be in .config. I'd suggest looking at the SAML token on the wire and inspecting what claims are really in there -- it's just XML and you should be able to capture it in your browser F12 tools as the user is redirected back from the STS to the RP.
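One way to do the on-the-wire inspection suggested above, as an added example that is not part of the original thread: a small Python helper that lists every claim in a captured WS-Federation `wresult` value and reports which ones the RP code never sees. The function names and the sample token are constructed for illustration, and the helper assumes the captured value is the RequestSecurityTokenResponse XML (raw or HTML-escaped).

```python
import html
import xml.etree.ElementTree as ET
from collections import defaultdict

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion"
NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

def claims_in_wresult(wresult):
    """Return {claim type URI: [values]} for each SAML attribute in the token.
    Diagnostic only: the signature is NOT verified, so never authorize on this."""
    if wresult.lstrip().startswith("&lt;"):   # copied from page source, still escaped
        wresult = html.unescape(wresult)
    root = ET.fromstring(wresult)
    claims = defaultdict(list)
    # SAML 1.1 splits the claim type into AttributeNamespace + AttributeName.
    for attr in root.iter("{%s}Attribute" % SAML11):
        ctype = (attr.get("AttributeNamespace", "").rstrip("/")
                 + "/" + attr.get("AttributeName", ""))
        for val in attr.iter("{%s}AttributeValue" % SAML11):
            claims[ctype].append((val.text or "").strip())
    # SAML 2.0 carries the full claim type in the Name attribute.
    for attr in root.iter("{%s}Attribute" % SAML20):
        for val in attr.iter("{%s}AttributeValue" % SAML20):
            claims[attr.get("Name", "")].append((val.text or "").strip())
    return dict(claims)

def missing_at_rp(wresult, rp_claim_types):
    """Claim types present on the wire but absent from what the RP code sees."""
    return sorted(set(claims_in_wresult(wresult)) - set(rp_claim_types))

# Constructed, trimmed sample token (no signature, conditions or subject).
SAMPLE_WRESULT = """
<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
 <t:RequestedSecurityToken>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
   <saml:AttributeStatement>
    <saml:Attribute AttributeName="name"
        AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
     <saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute AttributeName="role"
        AttributeNamespace="http://schemas.microsoft.com/ws/2008/06/identity/claims">
     <saml:AttributeValue>Manager</saml:AttributeValue></saml:Attribute>
   </saml:AttributeStatement>
  </saml:Assertion>
 </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

if __name__ == "__main__":
    print(claims_in_wresult(SAMPLE_WRESULT))
    print("not seen by RP:", missing_at_rp(SAMPLE_WRESULT, [NAME]))
```

If a claim type shows up in the `missing_at_rp` output, the token carries it and the loss happens inside the RP's processing pipeline rather than at the STS.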
May 29, 2014 02:51 AM|programmer09|LINK
These are the claims in SAML token:
But still I am not able to fetch "Role" Values as it doesn't appear in following code on my RP:
May 29, 2014 07:34 AM|BrockAllen|LINK
Not sure then -- something in your WIF code could be converting/stripping the claims. You will have to debug more.
May 29, 2014 08:02 AM|programmer09|LINK
Thanks for your time, BrockAllen.