Attributes with multiple AttributeValue

SAML for ASP.NET
1

Hello,
we are implementing an integration with ADFS.
We’ve been able to connect and obtain the response with the correct claims.

Among those, we receive this one, called Group, in which we have multiple value.


<Attribute Name=" “>http://schemas.xmlsoap.org/claims/Group”>
Domain Users
PWDStandard
External_Share_File
LDMS_External_ownHome
PEC_Sistemi_Informativi
LDMS_PECManager
RADIUSTest
RADIUS_APN_TIM
ITMOFS01_Uffici-Interufficio
guac_users
gruppo1
AllowOWA



Now, we normally get a single string value so using this method

Snippetpublic static void ReceiveSSO(HttpRequestBase httpRequest, out bool isInResponseTo, out string partnerIdP, out string authnContext, out string userName, out IDictionary<string, string> attributes, out string relayState);

we can read and parse those claims correclty.

Unfortunately, in this case we are able to read only the first one.

How can we correctly process also this one?

Thank you
Fabio

2

Hi Fabio,

The overload that returns the IDictionary is a convenience for the majority of use cases where single-value SAML attributes are returned. There’s a ReceiveSSO overload that returns a SAMLAttribute[] rather than an IDictionary<string, string>. The SAMLAttribute class gives you access to all the SAML attribute values through the SAMLAttribute.Values property.


SAMLServiceProvider.ReceiveSSO(
Request,
out isInResponseTo,
out partnerIdP,
out authnContext,
out userName,
out samlAttributes,
out targetUrl);

var samlAttribute = samlAttributes.SingleOrDefault(
a => a.Name == "<a href=“http://schemas.xmlsoap.org/claims/Group");">http://schemas.xmlsoap.org/claims/Group”);

foreach (var attributeValue in samlAttribute.Values)
{
var groupName = attributeValue.ToString();
}


3
[quote]
ComponentSpace - 3/16/2021
Hi Fabio,

The overload that returns the IDictionary is a convenience for the majority of use cases where single-value SAML attributes are returned. There's a ReceiveSSO overload that returns a SAMLAttribute[] rather than an IDictionary. The SAMLAttribute class gives you access to all the SAML attribute values through the SAMLAttribute.Values property.


SAMLServiceProvider.ReceiveSSO(
Request,
out isInResponseTo,
out partnerIdP,
out authnContext,
out userName,
out samlAttributes,
out targetUrl);

var samlAttribute = samlAttributes.SingleOrDefault(
a => a.Name == "http://schemas.xmlsoap.org/claims/Group");

foreach (var attributeValue in samlAttribute.Values)
{
var groupName = attributeValue.ToString();
}


[/quote]

Thak you for your fast reply!
I'll take a look at this solution this morning.

Just to be sure: can i always use this overload of the ReceviveSSO method?
I mean, since we have scenarios where different clients can send us either a single value or a multiple value (like this case) attribute and i don't want to check every time, If i use always this overload am i able to manage both these situations?

Thank you
Fabio
4

Yes. This overload supports both single-value and multi-value SAML attributes. You can use this overload for all scenarios.

5
[quote]
ComponentSpace - 3/17/2021
Yes. This overload supports both single-value and multi-value SAML attributes. You can use this overload for all scenarios.
[/quote]

Yes, I tried it and it works perfectly.

Thank you for your support.

Fabio
6

You’re very welcome.