SAML Attribute setting : Dynamically and programmatically apply Mapping Rules


raju
We are the IdP, and support SP-initiated SAML SSO.
We need your help to find a way to apply mapping rules to the attributes that we supply when we send the SAML response with assertions.
We specifically need this for our Office 365 integration, as it needs an Immutable ID.

Currently we have this static block, programmed in the Office 365 SP config block, but perhaps due to this we are not able to have more than 1 user. So we need a way to dynamically set this per user in the code that handles sending the response.

    MappingRules = new List<SamlMappingRule>()
    {
        new SamlMappingRule()
        {
            Rule = "Clear",
        },
        new SamlMappingRule()
        {
            Rule = "Constant",
            // The ID below is the ImmutableID required by Office 365.
            // It's nothing but the SHA-256 value of the user's subject name ID: in this example '[email protected]'
            Value = "3A0FB9244C536E981167610B175AC061458EE594D4C5C3BD8F19FAA699FE9251",
        },
        new SamlMappingRule()
        {
            Rule = "Constant",
            Name = "IDPEmail",
            Value = "[email protected]",
        }
    },




============

    // This function sends out the SAML assertion (in response to SP-initiated SAML SSO).
    // samlUserSubjectName is the federated user's email ID (subject name ID string), and 'spName' is passed here
    // to do some special handling for the Immutable ID.
    private Task CompleteSsoAsync(string samlUserSubjectName, string spName)
    {
        // Include some claims.
        var attributes = new List<SamlAttribute>()
        {
            // How can I apply the attributes corresponding to the mapping rules
            // that are statically set in the ServiceProvider block as mentioned above?
            // Perhaps this is dynamic; the setup of attributes differs from user to user.

            // I can generate the ImmutableID value based on 'userName' as a string.

            // I just need a way to apply the mapping rules programmatically, dynamically.
        };

        // The user is logged in at the identity provider.
        // Respond to the authn request by sending a SAML response containing a SAML assertion to the SP.
        return _samlIdentityProvider.SendSsoAsync(samlUserSubjectName, attributes);
    }

ComponentSpace
The mapping rules do not support this type of dynamic configuration.
Rather than using a configured mapping rule, you should simply handle this within your application code at the time you construct the SAML attributes.

Regards
ComponentSpace Development
raju
ComponentSpace - 11/19/2018
The mapping rules do not support this type of dynamic configuration.
Rather than using a configured mapping rule, you should simply handle this within your application code at the time you construct the SAML attributes.

Thank you.

Currently this is how I set attributes before firing the assertion to the SP.
But this works for normal attributes. Can you please tell me how to set the attribute for the required ImmutableID (as mentioned in the rule in the original post above)?
.....

  var attributes = new List<SamlAttribute>()
    {
      new SamlAttribute(ClaimTypes.GivenName, "user"),
      new SamlAttribute(ClaimTypes.Surname,"user")
    };

...

return _samlIdentityProvider.SendSsoAsync(samlUserSubjectName, attributes);




ComponentSpace
For Office 365, the immutable ID is the SAML Name ID.
This is set as the userID parameter to SendSsoAsync.
For example:

var samlUserSubjectName = "3A0FB9244C536E981167610B175AC061458EE594D4C5C3BD8F19FAA699FE9251";
var attributes = new List<SamlAttribute>()
{
  new SamlAttribute("IDPEmail", "[email protected]"),
};

samlIdentityProvider.SendSsoAsync(samlUserSubjectName, attributes);



You'll find our Office 365 integration guide:
https://www.componentspace.com/Forums/8241/Office-365-Integration-Guide



Regards
ComponentSpace Development
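
The per-user derivation discussed in the posts above, as an added example that is not part of the original thread and not ComponentSpace code. `ComputeImmutableId` is a hypothetical helper, the trim and lower-case normalization is an assumption, and the sample addresses are constructed; the commented call uses only the `SamlAttribute` and `SendSsoAsync` usage already shown in the thread.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class ImmutableIdExample
{
    // Hypothetical helper (not a ComponentSpace API): derives the per-user
    // value the thread describes, the SHA-256 of the user's subject name,
    // as 64 upper-case hex characters like the constant in the posts above.
    public static string ComputeImmutableId(string subjectName)
    {
        if (string.IsNullOrWhiteSpace(subjectName))
            throw new ArgumentException("Subject name is required.", nameof(subjectName));

        // Assumption: normalize before hashing so that case or whitespace
        // variants of one address map to the same ID.
        string normalized = subjectName.Trim().ToLowerInvariant();

        using (SHA256 sha256 = SHA256.Create())
        {
            byte[] digest = sha256.ComputeHash(Encoding.UTF8.GetBytes(normalized));
            var hex = new StringBuilder(digest.Length * 2);
            foreach (byte b in digest)
                hex.Append(b.ToString("X2"));
            return hex.ToString();
        }
    }

    public static void Main()
    {
        // Constructed sample users, not taken from the thread.
        foreach (string email in new[] { "alice@example.com", "Alice@Example.com ", "bob@example.com" })
        {
            string nameId = ComputeImmutableId(email);
            Console.WriteLine($"{email.Trim(),-20} -> {nameId}");
            // Inside CompleteSsoAsync, with the calls shown in the posts above:
            //   var attributes = new List<SamlAttribute>()
            //   {
            //       new SamlAttribute("IDPEmail", email),
            //   };
            //   return _samlIdentityProvider.SendSsoAsync(nameId, attributes);
        }
    }
}
```

Because the value is derived from the email address, it changes if the address changes; storing the computed ID with the user record keeps it fixed for that user.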
samluserhl
ComponentSpace - 11/20/2018
For Office 365, the immutable ID is the SAML Name ID.
This is set as the userID parameter to SendSsoAsync.
For example:

var samlUserSubjectName = "3A0FB9244C536E981167610B175AC061458EE594D4C5C3BD8F19FAA699FE9251";
var attributes = new List<SamlAttribute>()
{
  new SamlAttribute("IDPEmail", "[email protected]"),
};

samlIdentityProvider.SendSsoAsync(samlUserSubjectName, attributes);



You'll find our Office 365 integration guide:
https://www.componentspace.com/Forums/8241/Office-365-Integration-Guide


Hi,

I'm using the latest ComponentSpace as IdP (MvcIdpExampleProvider).

I can't compile the above code as SendSsoAsync is missing. SendSSO has no corresponding signature that takes a SAMLAttribute.

    var samlUserSubjectName = "3A0FB9244C536E981167610B175AC061458EE594D4C5C3BD8F19FAA699FE9251";
    var attributes = new List<SAMLAttribute>()
    {
        new SAMLAttribute("IDPEmail", "[email protected]"),
    };

    SAMLIdentityProvider.SendSSO(Response, userImmutableID, attributes);   // <==== this third argument can't compile, as the method signature expects IDictionary only.

Can we have some compatible API to provide such an attribute? It's needed for making the Office 365 assertion, and is mandatory.








ComponentSpace
This forum is for the SAML for ASP.NET Core product. There's a separate forum for SAML for ASP.NET.
https://www.componentspace.com/Forums/ComponentSpace-Support-Forums/Questions-SAML-SSO-for-ASPNET

SAMLIdentityProvider.SendSSO etc are part of the SAML for ASP.NET product. Both products offer similar functionality but the APIs are different. SAMLIdentityProvider.SendSSO includes overloads that allow you to specify SAML attributes.

I suggest taking a look at the Office 365 Integration Guide for the SAML for ASP.NET product.
https://www.componentspace.com/Forums/9361/Office-365-Integration-Guide


Regards
ComponentSpace Development