It adds a Subject property to the Saml2AuthenticationRequest (with an XML writer and parser), and a bit of an ugly workaround to make it work. It adds a bool parameter to the Saml2SubjectExtension.ToXElement(). The AuthnRequest should not have the “Bearer”. Although ugly, it does not break existing code this way. Of course any other solution is fine for us.
It is not used every day. I do know two applications.
I am working on a project, MFA on ADFS. It is an implementation of Microsoft.IdentityServer.Web.Authentication.External.IAuthenticationAdapter, the MFA interface of an ADFS server. It uses Sustainsys.Saml2 to create a SAML2 AuthnRequest to a server which verifies the “Second Factor”. It uses Sustainsys.Saml2.dll (v2.7) to create the request and parse the response.
I have seen another use of Subject in the AuthnRequest. If an entity wants to know if a particular Subject is already logged on to an IdP, then they send an AuthnRequest with IsPassive=true and a Subject. The IdP will reply if they are already signed in.
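The message shape described above (an AuthnRequest with IsPassive=true and a Subject that has no “Bearer” confirmation), as an added example that is not part of the original post and is not Sustainsys.Saml2 code. It uses only System.Xml.Linq; the class and method names, the URLs and the NameID value are constructed for illustration.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Xml.Linq;

static class PassiveAuthnRequestExample
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Writer: an AuthnRequest that names the Subject and tells the IdP not to interact with the user.
    static XElement Build(string issuer, string destination, string nameId)
    {
        return new XElement(Samlp + "AuthnRequest",
            new XAttribute(XNamespace.Xmlns + "samlp", Samlp),
            new XAttribute(XNamespace.Xmlns + "saml", Saml),
            new XAttribute("ID", "id" + Guid.NewGuid().ToString("N")),
            new XAttribute("Version", "2.0"),
            new XAttribute("IssueInstant", DateTime.UtcNow.ToString(
                "yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture)),
            new XAttribute("Destination", destination),
            new XAttribute("IsPassive", "true"),
            new XElement(Saml + "Issuer", issuer),
            // Subject holds only a NameID: no SubjectConfirmation, so no "Bearer" method.
            new XElement(Saml + "Subject", new XElement(Saml + "NameID", nameId)));
    }

    // Parser: returns the requested NameID, or null when the request carries no Subject.
    static string ReadSubjectNameId(XElement request)
    {
        var subject = request.Element(Saml + "Subject");
        if (subject == null) return null;
        if (subject.Elements(Saml + "SubjectConfirmation").Any())
            throw new InvalidOperationException(
                "The Subject of an AuthnRequest should not carry a SubjectConfirmation (Bearer).");
        return subject.Element(Saml + "NameID")?.Value;
    }

    static void Main()
    {
        // Constructed sample values.
        var request = Build("https://sp.example.com", "https://idp.example.com/sso", "alice@example.com");
        Console.WriteLine(request);
        Console.WriteLine("IsPassive=" + (bool)request.Attribute("IsPassive")
            + ", Subject=" + ReadSubjectNameId(request));
    }
}
```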