We are IdP, and support SP-init SAML SSO.
We need your help to find a way to apply Mapping Rules onto Attributes , that we can supply when we send SAML Response with assertions.
We specifically needs this to our Office 365 integration as it needs Immutable ID
==== currently we have this static block , programmed at Office 365 SP config block , but perhaps due to this we are not able have more than 1 user. so need a to dynamically set this per user in the code handling while sending response
====
MappingRules = new List()
{
new SamlMappingRule()
{
Rule = “Clear”,
}, new SamlMappingRule()
{
Rule = “Constant”,
//The below ID is ImmutbaleID required by Office365.
// its nothing but sha256-value of user’s subject name ID : in thsi example ‘user1@testnetwork.com’
Value = “3A0FB9244C536E981167610B175AC061458EE594D4C5C3BD8F19FAA699FE9251”,
},
new SamlMappingRule()
{
Rule = “Constant”,
Name = “IDPEmail”,
Value = “user1@testnetwork.com”,
}
},
============
// this function sends out SAML-assertion ( in response to SP-initiated SAML SSO)
// samlUserSubjectName is the federated users email id ( subject nameID string), and ‘spName’ is passed here
// to do some special handling for Immutable ID
private Task CompleteSsoAsync(string samlUserSubjectName, string spName)
{
// include some claims.
var attributes = new List()
{
// How can I apply the attributes corresponding to the mapping rules ,
// that are statically set in ServiceProvider block as mentioned above
// and perhaps this is dynamic, the setup of attributes differ user to user
// the ImmutableID value , I can generate one based on ‘userNAme’ as string
// I just need a way to apply the mapping rules programmatically, dynamically
};
// The user is logged in at the identity provider.
// Respond to the authn request by sending a SAML response containing a SAML assertion to the SP.
return _samlIdentityProvider.SendSsoAsync(samlUserSubjectName, attributes);
}
The mapping rules do not support this type of dynamic configuration.
Rather than using a configured mapping rule, you should simply handle this within your application code at the time you construct the SAML attributes.
Thank you.
Currently this is how I set attributes, before firing the assertion to SP
But this works for normal attributes. Can you please tell me how to set attribute for ImmutableID required ( as mentioned in the rule , at above original post)
.....
var attributes = new List()
{
new SamlAttribute(ClaimTypes.GivenName, "user"),
new SamlAttribute(ClaimTypes.Surname,"user")
};
...
return _samlIdentityProvider.SendSsoAsync(samlUserSubjectName, attributes);
For Office 365, the inmutable ID is the SAML Name ID.
This is set as the userID parameter to SendSsoAsync.
For example:
var samlUserSubjectName = “3A0FB9244C536E981167610B175AC061458EE594D4C5C3BD8F19FAA699FE9251”;
var attributes = new List()
{
new SamlAttribute(“IDPEmail”, “test@componentspace.com”),
};
samlIdentityProvider.SendSsoAsync(samlUserSubjectName, attributes);
You’ll find our Office 365 integration guide:
https://www.componentspace.com/Forums/8241/Office-365-Integration-Guide
This is set as the userID parameter to SendSsoAsync.
For example:
var samlUserSubjectName = "3A0FB9244C536E981167610B175AC061458EE594D4C5C3BD8F19FAA699FE9251";
var attributes = new List()
{
new SamlAttribute("IDPEmail", "test@componentspace.com"),
};
samlIdentityProvider.SendSsoAsync(samlUserSubjectName, attributes);
You'll find our Office 365 integration guide:
https://www.componentspace.com/Forums/8241/Office-365-Integration-Guide
Hi
I m using latest componentspace, as IdP ( MvcIdpExampleProvider)
I cant compile above code as the SendSsoAsync is missing. The SendSSO has no corresponding signature to take in SAMLAttribute
var samlUserSubjectName = "3A0FB9244C536E981167610B175AC061458EE594D4C5C3BD8F19FAA699FE9251";
var attributes = new List()
{
new SAMLAttribute("IDPEmail", "test@componentspace.com"),
};
SAMLIdentityProvider.SendSSO(Response,userImmutableID, attributes); <==== this third argument cant compile as method signature expects IDictionary only.
Can we have some compatible API to provide such attribute. Its needed for Office365 assertion making, and is mandatory.
This forum is for the SAML for ASP.NET Core product. There’s a separate forum for SAML for ASP.NET.
https://www.componentspace.com/Forums/ComponentSpace-Support-Forums/Questions-SAML-SSO-for-ASPNET
SAMLIdentityProvider.SendSSO etc are part of the SAML for ASP.NET product. Both products offer similar functionality but the APIs are different. SAMLIdentityProvider.SendSSO includes overloads that allow you to specify SAML attributes.
I suggest taking a look at the Office 365 Integration Guide for the SAML for ASP.NET product.
https://www.componentspace.com/Forums/9361/Office-365-Integration-Guide