SAML 2.0 Username from Assertion

I am using ForgeRock AM as the Identity Provider with an ASP.NET Webforms application as the Service Provider. I am doing an IdP initiate SSO, and successfully receiving an assertion on the AssertionConsumerService.aspx page.

However, the SAMLServiceProvider.ReceiveSSO method is returning the username in a different format. This is reflected in the saml:NameID in the attached trace file. Is there a way to get the actual username used in ForgeRock AM?

Thank you

We return the NameID from the SAML assertion. In this case it’s “8erijq43+4eSPpzyX5+NANKf4Upj”.

You would need to configure the identity provider to specify exactly what user information should be sent as the NameID.

Please refer to ForgeRock’s documentation.