ComponentSpace

Forums



Incorrect parsing of SAML response using ReceiveSSO


Incorrect parsing of SAML response using ReceiveSSO

Author
Message
mrkenn
mrkenn
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 2
I'm using the WebForms ExampleServiceProvider project to test with. I've configured it to use a SecureAuth IdP. After logging into the device, it redirects back to the AssertionConsumerService.aspx correctly. The ReceiveSSO takes an out parameter named attributes which it populates, however not correctly.

This is what I see in the browser:
Welcome to the Service Provider Site
You are logged in as [email protected].
User Attributes
uid: [email protected]
sn: test
givenName: v2v
groups: v2vgroupA
group: v2vgroupA

Here's the actual AttributeStatement node from the returned SAML:

<saml:AttributeStatement>
    <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>[email protected]</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>v2v</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>v2vgroupA</saml:AttributeValue>
      <saml:AttributeValue>v2vgroupB</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>v2vgroupA</saml:AttributeValue>
      <saml:AttributeValue>v2vgroupB</saml:AttributeValue>
    </saml:Attribute>
   </saml:AttributeStatement>

As you can see, the group node has 2 values, but the attributes dictionary is only getting the first value.

Is this a bug, or should I be looking in a different place?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
In most cases there's a simple one to one mapping of attribute names and values.
For these common cases, the ReceiveSSO method that returns an IDictionary<string, string> is the most convenient method to use.
To handle those cases where you can receive multi-value attributes, you need to call the ReceiveSSO overload that returns an array of SAMLAttribute objects.
You then have access to the individual attribute values through the SAMLAttribute.Values property.


Regards
ComponentSpace Development
mrkenn
mrkenn
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 2
ComponentSpace - 3/22/2017
In most cases there's a simple one to one mapping of attribute names and values.
For these common cases, the ReceiveSSO method that returns an IDictionary<string, string> is the most convenient method to use.
To handle those cases where you can receive multi-value attributes, you need to call the ReceiveSSO overload that returns an array of SAMLAttribute objects.
You then have access to the individual attribute values through the SAMLAttribute.Values property.

Works exactly as you said it would. Thanks!
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome. :)

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search