Get more claims

Hi,

The created claims principal only contains the name (NameID) claim. I would also like some more information about the login process in the claim set, like the login date, the ‘AuthnContextClassRef’ used during login, the IP address of the user, etc. Perhaps I also want to enrich it with some local data as well. Can you provide guidance on how to manipulate the ClaimsPrincipal before the cookie is created?

Regards,
Robert te Kaat

Hi Robert
Please refer to our ExampleServiceProvider’s SamlController.
It demonstrates calling _userManager.AddClaimAsync to add additional claims.
The example is adding SAML attributes as claims but you could also add login-date etc as required.

[quote]
ComponentSpace - 7/20/2018
Hi Robert
Please refer to our ExampleServiceProvider's SamlController.
It demonstrates calling _userManager.AddClaimAsync to add additional claims.
The example is adding SAML attributes as claims but you could also add login-date etc as required.
[/quote]

Thanks, but I'm using the Middleware-option and do not use any ASP.Net Identity stuff (no local user storage, no UserManager, etc). Is it still possible to hook into the components?

For the middleware option, you can register an implementation of the ISamlClaimFactory.
SamlClaimFactory, the default implementation, adds the SAML Name ID and SAML attributes as claims.
The following code extends the default implementation to add additional claims.
These claims are added to the principal signed in by the middleware.

using ComponentSpace.Saml2.Assertions;
using ComponentSpace.Saml2.Claims;
using System;
using System.Collections.Generic;
using System.Security.Claims;

public class CustomSamlClaimFactory : SamlClaimFactory
{
    public override IList<Claim> CreateClaims(string userID, IList<SamlAttribute> attributes)
    {
        var claims = new List<Claim>();

        // Add default claims (SAML Name ID and SAML attributes).
        claims.AddRange(base.CreateClaims(userID, attributes));

        // Add additional claims.
        // "o" gives a culture-independent ISO 8601 UTC timestamp.
        claims.Add(new Claim("login-date", DateTime.UtcNow.ToString("o")));

        return claims;
    }
}


You need to register your implementation at application startup.

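// Requires: using Microsoft.Extensions.DependencyInjection.Extensions;
// Add the custom SAML claim factory.
// TryAddSingleton registers only if no ISamlClaimFactory is registered yet,
// so keep this call before AddSaml.
services.TryAddSingleton<ISamlClaimFactory, CustomSamlClaimFactory>();

// Add SAML SSO services.
services.AddSaml(Configuration.GetSection("SAML"));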
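
A variation on the factory above, as an added example that is not ComponentSpace's code or part of the original thread: it also records the client IP address the question asked about, and drops assertion-derived claims whose type collides with the locally asserted ones. The class name, claim types and issuer string are hypothetical, the CreateClaims signature is assumed to match the one in the post, and the factory is assumed to run while an HTTP request is in flight.

```csharp
using ComponentSpace.Saml2.Assertions;
using ComponentSpace.Saml2.Claims;
using Microsoft.AspNetCore.Http;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical class name, claim types and issuer; only SamlClaimFactory and
// CreateClaims come from the thread.
public class LocalContextClaimFactory : SamlClaimFactory
{
    private const string LocalIssuer = "urn:example:local-sp"; // constructed value
    private static readonly string[] LocalTypes = { "login-date", "client-ip" };
    private readonly IHttpContextAccessor _http;

    public LocalContextClaimFactory(IHttpContextAccessor http) => _http = http;

    public override IList<Claim> CreateClaims(string userID, IList<SamlAttribute> attributes)
    {
        // Claims built from the assertion. Drop any whose type collides with a
        // locally asserted type, so an IdP attribute named "login-date" or
        // "client-ip" cannot pass for a value this application recorded.
        var claims = base.CreateClaims(userID, attributes)
            .Where(c => !LocalTypes.Contains(c.Type, StringComparer.OrdinalIgnoreCase))
            .ToList();

        // Locally observed values carry a distinct issuer so authorization
        // code can tell them apart from IdP-supplied data.
        claims.Add(new Claim("login-date", DateTime.UtcNow.ToString("o"),
            ClaimValueTypes.DateTime, LocalIssuer));

        // RemoteIpAddress is the direct peer; behind a reverse proxy it is the
        // proxy's address unless forwarded-headers handling is configured.
        var ip = _http.HttpContext?.Connection.RemoteIpAddress;
        if (ip != null)
        {
            claims.Add(new Claim("client-ip", ip.ToString(), ClaimValueTypes.String, LocalIssuer));
        }

        return claims;
    }
}

// At startup, before AddSaml: services.AddHttpContextAccessor();
// services.TryAddSingleton<ISamlClaimFactory, LocalContextClaimFactory>();
```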