我的SAML2工作正常(身份验证:成功),但shibboleth并未向我发送任何索赔数据,我需要 just 用户的电子邮件:)
神志不清的人告诉我要将 this 添加到我的SAML2元数据中……很明显,这不存在。
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-
format:emailAddress</md:NameIDFormat>
我们正在使用https://github.com/Sustainsys/Saml2/中的OWIN中间件来使所有这些正常工作,但这是相当不错的配置吗?
additionalProviders["saml2p"] =
(IAppBuilder app, string signInAsType, AuthenticationProviderElement config) =>
{
var opt = new Saml2AuthenticationOptions(false)
{
SPOptions = new SPOptions
{
EntityId = new EntityId("https://my.site.ca")
},
SignInAsAuthenticationType = signInAsType,
AuthenticationType = "saml2p",
Caption = "MySite",
Notifications = new Saml2Notifications()
{
AcsCommandResultCreated = (result, response) =>
{
var claimsIdentity = result.Principal.Identity as ClaimsIdentity;
//None of this exists in the result
var userEmail = claimsIdentity.Claims.FirstOrDefault(x => x.Type == "User.email");
var userFirstName = claimsIdentity.Claims.FirstOrDefault(x => x.Type == "User.FirstName");
var userLastName = claimsIdentity.Claims.FirstOrDefault(x => x.Type == "User.LastName");
},
LogoutCommandResultCreated = commandResult =>
{
// Post logout URL
commandResult.Location = new Uri("/login", UriKind.Relative);
}
},
};
Sustainsys.Saml2.Configuration.Options.GlobalEnableSha256XmlSignatures();
opt.IdentityProviders.Add(new IdentityProvider(
new EntityId("https://their.site.ca/shibboleth-idp/shibboleth"),
opt.SPOptions)
{
LoadMetadata = true
});
app.UseSaml2Authentication(opt);
};
return additionalProviders;
TL; DR; md:NameIDFormat不在SustainSys SAML2元数据输出中
答案 0 :(得分:0)
我这边的配置正确,问题是shibboleth中的配置未发回http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier声明。