Claim from IDP has Issuer of LOCAL AUTHORITY

I have implemented a SAML Service Provider using Component Space.
My configuration is rather straightforward . . .


"ComponentSpaceSaml": {
  "LocalServiceProviderName": "http://localhost:3600/SAML",
  "LocalServiceProviderDescription": "Identity Service Provider (ComponentSpace)",
  "LocalServiceProviderAssertionConsumerServiceUrl": "http://localhost:3600/SAML/AssertionConsumerService",
  "LocalServiceProviderSingleLogoutServiceUrl": "http://localhost:3600/SAML/SingleLogoutService",
  "LocalServiceProviderArtifactResolutionServiceUrl": "http://localhost:3600/SAML/ArtifactResolutionService"


The option I am using is:
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

I am testing my implementation against many external Identity Providers. What I have noticed is when I check the claims in my Saml Callback Handler, the Issuer value in the claim is “LOCAL AUTHORITY” where my code expects the issuer value in the claim to be the Entity Id of the External Idp. What is causing the value of the Issuer to change? Is there a configuration setting I have missed?

The code in my handler callback is roughly:



var result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
var externalUser = result.Principal;


It is in the ClaimsPrincipal that the issuer value is “LOCAL AUTHORITY”.

We don’t set the Claims.Issuer so it defaults to ClaimsIdentity.DefaultIssuer (i.e. “LOCAL AUTHORITY”).

The entity ID of the IdP is returned in the AuthenticationProperties under the “PartnerName” item. For example, the following code in the OnGetCallbackAsync callback handler in Areas\Identity\Pages\Account\ExternalLogin.cshtml.cs retrieves the partner name (aka entity ID or issuer):



var info = await _signInManager.GetExternalLoginInfoAsync();
var partnerName = info.AuthenticationProperties.Items["PartnerName"];
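
As an added example (not code from ComponentSpace or from either poster), the sketch below takes the IdP entity ID from the "PartnerName" item described in the reply, checks it against an allow-list, and re-creates the claims with that value as their issuer. It assumes the item is also present in result.Properties.Items for the external cookie scheme used in the question; SamlIssuer, TrustedPartners, WithPartnerAsIssuer and the entity ID are hypothetical names and constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class SamlIssuer
{
    // Hypothetical allow-list of IdP entity IDs this SP trusts (constructed value).
    private static readonly HashSet<string> TrustedPartners = new(StringComparer.Ordinal)
    {
        "https://idp.example.test/saml"
    };

    // items stands for AuthenticationProperties.Items of the external-cookie AuthenticateResult.
    public static ClaimsPrincipal WithPartnerAsIssuer(
        ClaimsPrincipal principal, IDictionary<string, string?> items)
    {
        if (!items.TryGetValue("PartnerName", out var partner) || string.IsNullOrEmpty(partner))
            throw new InvalidOperationException("No PartnerName item; the IdP cannot be identified.");
        if (!TrustedPartners.Contains(partner))
            throw new InvalidOperationException($"Unexpected IdP entity ID: {partner}");

        var source = principal.Identity as ClaimsIdentity
            ?? throw new InvalidOperationException("Principal has no ClaimsIdentity.");

        // Re-create only the claims that still carry the default issuer ("LOCAL AUTHORITY").
        var claims = source.Claims.Select(c => c.Issuer == ClaimsIdentity.DefaultIssuer
            ? new Claim(c.Type, c.Value, c.ValueType, partner)
            : c);

        return new ClaimsPrincipal(new ClaimsIdentity(
            claims, source.AuthenticationType, source.NameClaimType, source.RoleClaimType));
    }

    public static void Main()
    {
        // Constructed sample standing in for result.Principal and result.Properties.Items.
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, "alice@example.test") }, "saml");
        var items = new Dictionary<string, string?> { ["PartnerName"] = "https://idp.example.test/saml" };

        var user = WithPartnerAsIssuer(new ClaimsPrincipal(identity), items);
        foreach (var c in user.Claims)
            Console.WriteLine($"{c.Type} = {c.Value} (issuer: {c.Issuer})");
    }
}
```

In the callback from the question this would be called as WithPartnerAsIssuer(result.Principal, result.Properties.Items) after AuthenticateAsync succeeds.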