Incorrect parsing of SAML response using ReceiveSSO

I’m using the WebForms ExampleServiceProvider project to test with. I’ve configured it to use a SecureAuth IdP. After logging into the device, it redirects back to the AssertionConsumerService.aspx correctly. The ReceiveSSO takes an out parameter named attributes which it populates, however not correctly.

This is what I see in the browser:
Welcome to the Service Provider Site
You are logged in as v2vtest@genusplc.com.
User Attributes
uid: v2vtest@genusplc.com
sn: test
givenName: v2v
groups: v2vgroupA
group: v2vgroupA

Here’s the actual AttributeStatement node from the returned SAML:

<saml:AttributeStatement>
<saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>v2vtest@genusplc.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>v2v</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>v2vgroupA</saml:AttributeValue>
<saml:AttributeValue>v2vgroupB</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>v2vgroupA</saml:AttributeValue>
<saml:AttributeValue>v2vgroupB</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>

As you can see, the group node has 2 values, but the attributes dictionary is only getting the first value.

Is this a bug, or should I be looking in a different place?

In most cases there’s a simple one to one mapping of attribute names and values.
For these common cases, the ReceiveSSO method that returns an IDictionary<string, string> is the most convenient method to use.
To handle those cases where you can receive multi-value attributes, you need to call the ReceiveSSO overload that returns an array of SAMLAttribute objects.
You then have access to the individual attribute values through the SAMLAttribute.Values property.
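The difference between the two shapes of result, as an added example that is not part of the original thread and does not use the ComponentSpace API: it reads a constructed AttributeStatement directly with System.Xml.Linq and compares a name-to-single-value map with a name-to-list map. The class and method names are hypothetical, and the fragment is assumed to come from an assertion whose signature has already been validated.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class MultiValueAttributeDemo
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample mirroring the "uid" and "groups" attributes quoted in the question.
    const string Sample = @"<saml:AttributeStatement xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion"">
  <saml:Attribute Name=""uid""><saml:AttributeValue>v2vtest@genusplc.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name=""groups"">
    <saml:AttributeValue>v2vgroupA</saml:AttributeValue>
    <saml:AttributeValue>v2vgroupB</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>";

    // Keeps every AttributeValue; Attribute elements repeating a Name are merged.
    static Dictionary<string, List<string>> ReadAll(XElement statement) =>
        statement.Elements(Saml + "Attribute")
            .GroupBy(a => (string)a.Attribute("Name") ?? "")
            .ToDictionary(
                g => g.Key,
                g => g.SelectMany(a => a.Elements(Saml + "AttributeValue"))
                      .Select(v => v.Value)
                      .ToList());

    // One value per name, as a name-to-string map holds: extra values are lost.
    static Dictionary<string, string> ReadFirstOnly(XElement statement) =>
        ReadAll(statement).ToDictionary(kv => kv.Key, kv => kv.Value.FirstOrDefault());

    static void Main()
    {
        var statement = XElement.Parse(Sample);
        var all = ReadAll(statement);
        var flat = ReadFirstOnly(statement);

        foreach (var kv in all)
        {
            Console.WriteLine($"{kv.Key}: [{string.Join(", ", kv.Value)}] (flattened: {flat[kv.Key]})");
            if (kv.Value.Count > 1)
                Console.WriteLine($"  {kv.Value.Count - 1} value(s) dropped by the single-value map");
        }

        // Group-based authorization checks must test membership against the full list.
        Console.WriteLine("member of v2vgroupB: " + all["groups"].Contains("v2vgroupB"));
    }
}
```

Any role or group check built on the single-value map would never see the second group, which is why the multi-value form matters when attributes drive authorization.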

[quote]
ComponentSpace - 3/22/2017
In most cases there's a simple one to one mapping of attribute names and values.
For these common cases, the ReceiveSSO method that returns an IDictionary is the most convenient method to use.
To handle those cases where you can receive multi-value attributes, you need to call the ReceiveSSO overload that returns an array of SAMLAttribute objects.
You then have access to the individual attribute values through the SAMLAttribute.Values property.
[/quote]

Works exactly as you said it would. Thanks!

You’re welcome. :)