ComponentSpace

Forums



Duplicate Attributes in SAML request


Duplicate Attributes in SAML request

Author
Message
ActiveplanRetail
ActiveplanRetail
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 5, Visits: 68
We have a single sign on process in operation at a customer site and we've come across a situation where a user has multiple user roles assigned to them. This results in the saml token containing duplicate user profile attributes with two different values.
However on receiving the assertion request we only see a single attribute. I'm guessing the duplicate attribute names is either not supported or some configuration needs changing.
Could you please advise me if this is supported and if so what needs changing so we can see both values. Since we get back a key-value object it feels like this wouldn't work.
Thanks!

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
SAMLServiceProvider.ReceiveSSO includes an overload that returns an IDictionary<string, string>, which is suitable for single-value SAML attributes, and an overload that returns a SAMLAttribute[], which is suitable for multi-value SAML attributes.

In many use cases, single-value SAML attributes are used and the IDictionary<string, string> overload is more convenient.

However, in your case with a multi-value SAML attribute, you need to use the overload that returns a SAMLAttribute[].

bool isInResponseTo;
string partnerIdP;
string authnContext;
string userName;
SAMLAttribute[] attributes;
string targetUrl = null;

// Receive and process the SAML assertion contained in the SAML response.
// The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);

Using the SAMLAttribute class, you have access to the Name, FriendlyName and attribute value(s).


Regards
ComponentSpace Development
ActiveplanRetail
ActiveplanRetail
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 5, Visits: 68
ComponentSpace - 4/3/2023
SAMLServiceProvider.ReceiveSSO includes an overload that returns an IDictionary<string, string>, which is suitable for single-value SAML attributes, and an overload that returns a SAMLAttribute[], which is suitable for multi-value SAML attributes.

In many use cases, single-value SAML attributes are used and the IDictionary<string, string> overload is more convenient.

However, in your case with a multi-value SAML attribute, you need to use the overload that returns a SAMLAttribute[].

bool isInResponseTo;
string partnerIdP;
string authnContext;
string userName;
SAMLAttribute[] attributes;
string targetUrl = null;

// Receive and process the SAML assertion contained in the SAML response.
// The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);

Using the SAMLAttribute class, you have access to the Name, FriendlyName and attribute value(s).

OK great thanks for the information!
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search