Parsing Same Key Multi Value SAML2 claims using ITfoxtec.Identity.Saml2


I am using the TestWebAppCore ITfoxtec project to create a sample SAML2 client application in ASP.NET Core. Using the template under the github repo listed above, I am able to retrieve claims and display them. However, I am not able to correctly parse and display claims that are sent as a list of strings.

Here is a sample result of the attribute using a saml trace.

<saml2:Attribute
    FriendlyName="memberOf"
    Name="memberOf"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml2:AttributeValue>test1</saml2:AttributeValue>
    <saml2:AttributeValue>test2</saml2:AttributeValue>
    <saml2:AttributeValue>test3</saml2:AttributeValue>
    <saml2:AttributeValue>test4</saml2:AttributeValue>
</saml2:Attribute>

Here we can see that the attribute passed in has one key (memberOf) and four values. Parsing the claims using the CreateClaimsPrincipal(ClaimsPrincipal incomingPrincipal) method in the ClaimsTransform.cs file in the TestWebAppCore template will turn it into a List<Claim>.

using System.Collections.Generic;
using System.Security.Claims;

private static ClaimsPrincipal CreateClaimsPrincipal(ClaimsPrincipal incomingPrincipal)
{
    var claims = new List<Claim>();

    // All claims: copied one-to-one, so a multi-value attribute arrives
    // as several claims that share the same Type
    claims.AddRange(incomingPrincipal.Claims);
    // Or custom claims
    //claims.AddRange(GetSaml2LogoutClaims(incomingPrincipal));
    //claims.Add(new Claim(ClaimTypes.NameIdentifier, GetClaimValue(incomingPrincipal, ClaimTypes.NameIdentifier)));

    // Keep the incoming authentication type and bootstrap context (the raw SAML token)
    return new ClaimsPrincipal(new ClaimsIdentity(claims, incomingPrincipal.Identity.AuthenticationType, ClaimTypes.NameIdentifier, ClaimTypes.Role)
    {
        BootstrapContext = ((ClaimsIdentity)incomingPrincipal.Identity).BootstrapContext
    });
}

Is there a way to correctly parse attributes that are passed in as a list of strings?


Anders Revsgaard (accepted answer):

SAML 2.0 supports having the same claim multiple times or a list of values in a claim. But when .NET passes the claims, they are always passed as a list of claims with only one value. And thereby it is possible to have repeating claims.

If needed, you need to group the claims afterwards yourself.
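As an added illustration of the flattening described in the answer (this is example code, not part of the question, the answer or the ITfoxtec project), the memberOf attribute from the question is turned into one Claim per AttributeValue, all with the same Type, and then regrouped by type afterwards. It assumes only System.Security.Claims and System.Xml.Linq; the sample XML is embedded inline.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Xml.Linq;

static class MultiValueClaims
{
    static readonly XNamespace Saml2 = "urn:oasis:names:tc:SAML:2.0:assertion";

    // The memberOf attribute from the question, embedded here as sample input.
    const string SampleAttribute = @"
<saml2:Attribute xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
    FriendlyName=""memberOf"" Name=""memberOf""
    NameFormat=""urn:oasis:names:tc:SAML:2.0:attrname-format:uri"">
    <saml2:AttributeValue>test1</saml2:AttributeValue>
    <saml2:AttributeValue>test2</saml2:AttributeValue>
    <saml2:AttributeValue>test3</saml2:AttributeValue>
    <saml2:AttributeValue>test4</saml2:AttributeValue>
</saml2:Attribute>";

    // Flatten: one single-value Claim per AttributeValue, all sharing the
    // attribute Name as claim type. This is the shape .NET hands to
    // CreateClaimsPrincipal: repeated claims, never a list-valued claim.
    static IEnumerable<Claim> ToClaims(XElement attribute)
    {
        var type = (string)attribute.Attribute("Name");
        return attribute.Elements(Saml2 + "AttributeValue")
                        .Select(v => new Claim(type, v.Value));
    }

    // Regroup afterwards: claim type -> every value carried under that type.
    static Dictionary<string, List<string>> GroupByType(IEnumerable<Claim> claims) =>
        claims.GroupBy(c => c.Type)
              .ToDictionary(g => g.Key, g => g.Select(c => c.Value).ToList());

    static void Main()
    {
        var claims = ToClaims(XElement.Parse(SampleAttribute)).ToList();
        var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "saml2"));

        // Four separate claims of type memberOf on the principal.
        Console.WriteLine($"{principal.FindAll("memberOf").Count()} claims of type memberOf");

        // Grouped back into one key with all of its values.
        var groups = GroupByType(principal.Claims);
        Console.WriteLine($"memberOf = {string.Join(", ", groups["memberOf"])}");
    }
}
```

ClaimsPrincipal.FindAll(type) already returns every repeated claim of a given type, so the dictionary is only needed when you want all types grouped at once (for example to render the claims as key-to-list in a view).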