I am implementing SSO for Umbraco (ADFS); login and creating users all work properly.

The only thing I can't figure out is getting the right user roles (claims). When I output the claims:

string.Join(",", identity.Claims); 

The only things I get are these:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn: ***,
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: ***,
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: ***,
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod: ***,
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant: ***

The person who configured the ADFS side told me that the roles should be in the 'http://schemas.xmlsoap.org/claims/Group' claim.

But eh.. When I check the available claims in the 'System.Security.Claims.ClaimTypes' class, this one doesn't even exist.

Does that mean that when he changes the roles to the claim type 'http://schemas.microsoft.com/ws/2008/06/identity/claims/roles', which is available, it should all work?

Or did I totally understand this wrong?

1 Answer

You are correct.

You should set up a RP trust with the standard LDAP rule which maps "Token Groups - Unqualified Names" to Roles.
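
If the groups keep arriving under the Group claim type instead, the relying party can copy them to the standard role claim type after sign-in. This is an added C# example, not part of the original answer; the class and method names, issuer, UPN and group name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class AdfsRoleClaims
{
    // Claim type the ADFS administrator named in the question.
    public const string GroupClaimType = "http://schemas.xmlsoap.org/claims/Group";

    // Copies each group claim to ClaimTypes.Role (skipping duplicates) so that
    // IsInRole and [Authorize(Roles = ...)] see it. Returns the number added.
    public static int MapGroupsToRoles(ClaimsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException(nameof(identity));
        var roles = new HashSet<string>(
            identity.FindAll(ClaimTypes.Role).Select(c => c.Value),
            StringComparer.Ordinal);
        var added = 0;
        foreach (var group in identity.FindAll(GroupClaimType).ToList())
        {
            if (string.IsNullOrWhiteSpace(group.Value) || !roles.Add(group.Value)) continue;
            // Keep the issuer so the role can still be traced back to ADFS.
            identity.AddClaim(new Claim(ClaimTypes.Role, group.Value,
                group.ValueType, group.Issuer, group.OriginalIssuer));
            added++;
        }
        return added;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample claims; issuer, UPN and group name are made up.
        const string issuer = "http://adfs.example.test/adfs/services/trust";
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Upn, "editor@example.test", ClaimValueTypes.String, issuer),
            new Claim(AdfsRoleClaims.GroupClaimType, "Umbraco Editors", ClaimValueTypes.String, issuer),
        }, "Federation");
        var principal = new ClaimsPrincipal(identity);

        Console.WriteLine(principal.IsInRole("Umbraco Editors")); // group claim only
        Console.WriteLine(AdfsRoleClaims.MapGroupsToRoles(identity));
        Console.WriteLine(principal.IsInRole("Umbraco Editors")); // role claim present
    }
}
```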
