Hello.
The output parameter userName in ReceiveSSO is returning “TNxhjvbEfZJjfgtaJX8FWCFyAVMmcAVbHCxQFw==”. The documentation says that this parameter represents the name of the user, so my questions are:
Is this some string the provider passes to the response?
Or is this the userName of the authenticated user?
If this is encoded by some standard, how do I decode it in .NET?
If this has nothing to do with the userName of the authenticated user. What is the common practice of receiving the userName of the authenticated user?
Thank you in advance.
Ragnar
The username output parameter returned by SAMLServiceProvider.ReceiveSSO is the name identifier field from the SAML assertion.
We don't interpret this string in any way.
Typically it will be the user's name or perhaps their email address. The precise meaning of the user name is determined between the identity provider and service provider.
You should contact the identity provider and ask exactly what the SAML assertion name identifier field value means. It looks like a base-64 string but doesn't decode to anything obvious.
Also, it may be that the returned SAML attributes include user information that's more useful.
The IdP is ServiceNow, do you know if this component has been tested/used with this IdP?
The provider said the user name is provided as claims but I do not see it wen I list the claims in AssertionConsumerService after saml authentication. And the attributes is null, is that normal?
See info here:
http://wiki.servicenow.com/index.php?title=SAML_2.0_Web_Browser_SSO_Profile#gsc.tab=0
We have customers successfully interoperating with ServiceNow.
Could you please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this post?
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace
I’d like to see the raw SAML response being sent by the IdP.