IdentityServer / IdentityServer4.WsFederation

Sample for implementing WS-Federation IdP support for IdentityServer4
Apache License 2.0

Conditional for claim types with no mappings when using SAML 1.1 #2

scottbrady91 closed 7 years ago

scottbrady91 commented 7 years ago

In the CreateSubjectAsync method of SignInResponseGenerator we are currently returning all claims allowed for that client based on the allowed scopes for that client.

When using SAML 1.1, if we do not create a claim mapping for every claim type allowed in a scope, we get an exception from the SamlSecurityTokenHandler.

leastprivilege commented 7 years ago

Thanks! Will add a logging message in addition.
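The conditional and the logging message discussed in this thread, written out as an added example; it is not code from the IdentityServer4.WsFederation repository. The `Saml11ClaimFilter` class, its `DefaultMapping` table and the `log` callback are hypothetical names chosen for illustration, and the sample claims are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

public static class Saml11ClaimFilter
{
    // Hypothetical mapping table: short claim type -> URI-style claim type.
    public static readonly IReadOnlyDictionary<string, string> DefaultMapping =
        new Dictionary<string, string>
        {
            ["name"] = ClaimTypes.Name,
            ["email"] = ClaimTypes.Email,
            ["given_name"] = ClaimTypes.GivenName,
        };

    // Returns only the claims that have a mapping. Unmapped claim types are
    // skipped and reported, so they never reach the SAML 1.1 token handler.
    public static List<Claim> MapForSaml11(
        IEnumerable<Claim> claims,
        IReadOnlyDictionary<string, string> mapping,
        Action<string> log)
    {
        var result = new List<Claim>();
        foreach (var claim in claims)
        {
            if (mapping.TryGetValue(claim.Type, out var mappedType))
            {
                result.Add(new Claim(mappedType, claim.Value, claim.ValueType));
            }
            else
            {
                // Log the claim type only: claim values can be personal data.
                log($"No SAML 1.1 mapping for claim type '{claim.Type}'; claim omitted.");
            }
        }
        return result;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: "website" is allowed by scope but has no mapping.
        var claims = new[]
        {
            new Claim("name", "alice"),
            new Claim("email", "alice@example.test"),
            new Claim("website", "https://example.test"),
        };
        var mapped = Saml11ClaimFilter.MapForSaml11(
            claims, Saml11ClaimFilter.DefaultMapping, Console.WriteLine);
        foreach (var c in mapped) Console.WriteLine($"{c.Type} = {c.Value}");
    }
}
```

Running it prints one log line for `website` and the two mapped claims; the relying party receives a token without the unmapped claim instead of the sign-in failing.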