Azure AD B2C WS-Federation and SAML claims provider, unable to read name identifier -


ad fs configured custom policies claims provider on azure ad b2c using ws-federation , saml. relying party on azure ad b2c using openid connect.

when receiving saml token, azure ad b2c unable read name identifier, other claims types given name surname, email or upn read without problems.

how custom policies configured in azure ad b2c read name identifier?

in saml token name identifier placed in subject other claims placed in attributes.

here saml token example:

<t:requestsecuritytokenresponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">   <t:lifetime>     <wsu:created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2017-07-21t06:26:09.625z</wsu:created>     <wsu:expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2017-07-21t07:26:09.625z</wsu:expires>   </t:lifetime>   <wsp:appliesto xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">     <wsa:endpointreference xmlns:wsa="http://www.w3.org/2005/08/addressing">       <wsa:address>https://login.microsoftonline.com/te/xxxx.onmicrosoft.com/b2c_1a_trustframeworkbase</wsa:address>     </wsa:endpointreference>   </wsp:appliesto>   <t:requestedsecuritytoken>     <saml:assertion majorversion="1" minorversion="1" assertionid="_51bc4bdd-515f-4860-8281-760acdd31813" issuer="http://adfs-dev.local/adfs/services/trust" issueinstant="2017-07-21t06:26:09.625z" xmlns:saml="urn:oasis:names:tc:saml:1.0:assertion">       <saml:conditions notbefore="2017-07-21t06:26:09.625z" notonorafter="2017-07-21t07:26:09.625z">         <saml:audiencerestrictioncondition>           <saml:audience>https://login.microsoftonline.com/te/xxxx.onmicrosoft.com/b2c_1a_trustframeworkbase</saml:audience>         </saml:audiencerestrictioncondition>       </saml:conditions>       <saml:attributestatement>         <saml:subject>           <saml:nameidentifier format="urn:oasis:names:tc:saml:2.0:nameid-format:persistent">test1@adfsdev.local</saml:nameidentifier>           <saml:subjectconfirmation>             <saml:confirmationmethod>urn:oasis:names:tc:saml:1.0:cm:bearer</saml:confirmationmethod>           </saml:subjectconfirmation>         </saml:subject>         <saml:attribute attributename="givenname" attributenamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">           <saml:attributevalue>test1</saml:attributevalue>         </saml:attribute>         <saml:attribute attributename="surname" attributenamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">           <saml:attributevalue>test user</saml:attributevalue>         </saml:attribute>         <saml:attribute attributename="emailaddress" attributenamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">           <saml:attributevalue>test1mail@adfsdev.local</saml:attributevalue>         </saml:attribute>         <saml:attribute attributename="upn" attributenamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">           <saml:attributevalue>test1@adfsdev.local</saml:attributevalue>         </saml:attribute>       </saml:attributestatement>       <saml:authenticationstatement authenticationmethod="urn:oasis:names:tc:saml:2.0:ac:classes:passwordprotectedtransport" authenticationinstant="2017-07-21t06:26:09.546z">         <saml:subject>           <saml:nameidentifier format="urn:oasis:names:tc:saml:2.0:nameid-format:persistent">test1@adfsdev.local</saml:nameidentifier>           <saml:subjectconfirmation>             <saml:confirmationmethod>urn:oasis:names:tc:saml:1.0:cm:bearer</saml:confirmationmethod>           </saml:subjectconfirmation>         </saml:subject>       </saml:authenticationstatement>       <ds:signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">         <ds:signedinfo>           <ds:canonicalizationmethod algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />           <ds:signaturemethod algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />           <ds:reference uri="#_51bc4bdd-515f-4860-8281-760acdd31813">             <ds:transforms>               <ds:transform algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />               <ds:transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />             </ds:transforms>             <ds:digestmethod algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />             <ds:digestvalue>gaumc47gymi+4o9ff2blavd9p0jkurevep4rw+wn2ho=</ds:digestvalue>           </ds:reference>         </ds:signedinfo>         <ds:signaturevalue>xqkkxmwcycj8v3u ... 9h9anliv/xqx9bg==</ds:signaturevalue>         <keyinfo xmlns="http://www.w3.org/2000/09/xmldsig#">           <x509data>             <x509certificate>miic+jccaekgawiba ... dht3oknufxsq==</x509certificate>           </x509data>         </keyinfo>       </ds:signature>     </saml:assertion>   </t:requestedsecuritytoken>   <t:tokentype>urn:oasis:names:tc:saml:1.0:assertion</t:tokentype>   <t:requesttype>http://schemas.xmlsoap.org/ws/2005/02/trust/issue</t:requesttype>   <t:keytype>http://schemas.xmlsoap.org/ws/2005/05/identity/noproofkey</t:keytype> </t:requestsecuritytokenresponse>


Comments

Post a Comment

Popular posts from this blog

javascript - Create a stacked percentage column -

i have collection of data : var data = [ {"p301a":"10","p301b":"7","p301c":"7","p301d":"3","p301e":"8","p301f":"8","p301g":"8","p301h":"8","p301i":"8","p301j":"8","p301k":"8","p301l":"8","p301m":"8","p301n":"8","p301o":"8","age":"31-40 years","profesion":"2","position":"2"}, {"p301a":"5","p301b":"4","p301c":"4","p301d":"4","p301e":"4","p301f":"4","p301g":"4","p301h":"4","p301i":"4","p301j":"4","p301k":"4...
Read more

Optimising Firebase database by automatically overwriting data -

in firebase app have following structure: posts latest all users can write posts > latest . want limit entries 20 posts save space in database. , posts beyond 20 unnecessary never shown on homepage. how can limit posts 20, when user writes posts > latest posts @ end drop off (be deleted) automatically? this sample should you. you need : const max_log_count = 20; exports.removeold = functions.database.ref('/posts/latest/{postid}').oncreate(event => { const parentref = event.data.ref.parent; return parentref.once('value').then(snapshot => { if (snapshot.numchildren() >= max_log_count) { let childcount = 0; const updates = {}; snapshot.foreach(function(child) { if (++childcount <= snapshot.numchildren() - max_log_count) { updates[child.key] = null; } }); // update parent. removes children. ...
Read more

javascript - Angular UI-Grid customTemplate directive causing rows to load slowly/? -

Image
each grid cell can have more 1 customtemplate loaded. have directive holds watcher on model_col_field listen cell updates on scroll when dom rows updated , recompile celltemplate . without watcher , $compile rows repeat on scroll, showing same set of rows. is there more angular way of approaching or way improve performance? relevant controller code: create gridoptions.data & gridoptions.columndefs : var customtemp = '<div ng-repeat="opt in grid.appscope.colvalueoptionsmodel" ng-init="tempstring=model_col_field.clazz+opt.key;"><comparison-directive dbo="model_col_field" attobj="opt" fff="grid.appscope.getattributetemplate(tempstring)" /></div>'; $scope.gridoptions.columndefs = [ { name:'yindex',pinnedleft:true,celltemplate: customtemp, displayname:'index'}, { name:'col1',celltemplate: customtemp}, { name:'col2',celltemplate: c...
Read more