I'm using the WebForms ExampleServiceProvider project to test with. I've configured it to use a SecureAuth IdP. After logging into the device, it redirects back to the AssertionConsumerService.aspx correctly. The ReceiveSSO takes an out parameter named attributes which it populates, however not correctly.
This is what I see in the browser:Welcome to the Service Provider Site
You are logged in as
[email protected].
User Attributes
uid:
[email protected]sn: test
givenName: v2v
groups: v2vgroupA
group: v2vgroupA
Here's the actual AttributeStatement node from the returned SAML:<saml:AttributeStatement>
<saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>
[email protected]</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>v2v</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>v2vgroupA</saml:AttributeValue>
<saml:AttributeValue>v2vgroupB</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>v2vgroupA</saml:AttributeValue>
<saml:AttributeValue>v2vgroupB</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
As you can see, the group node has 2 values, but the attributes dictionary is only getting the first value.
Is this a bug, or should I be looking in a different place?