Closed: reponemec closed 11 months ago
I'm not familiar with the implementation details of WsFederation; that's handled for us by the IdentityModel library. https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
Depending on where you need to intercept the process, there are a number of Notifications you can hook into for low-level customizations. https://github.com/aspnet/AspNetKatana/blob/635c92f641ad1e014eead31cc7a365004949fda5/src/Microsoft.Owin.Security.WsFederation/WsFederationAuthenticationNotifications.cs https://github.com/aspnet/AspNetKatana/blob/e2b18ec84ceab7ffa29d80d89429c9988ab40144/tests/FunctionalTests/Facts/Security/Federation/WsFederationTest.cs#L72-L127
Is there a point provided by the Katana API for adding RequestedAttribute elements into the AuthnRequest element? I use the FederationMetadata.xml emitted by the STS, but that file lacks (I do not know why) important ClaimsTypesOffered/ClaimType elements I need.
More info about the aforementioned RequestedAttribute: https://ec.europa.eu/cefdigital/wiki/download/attachments/82773108/eidas_message_format_v1.0.pdf?version=1&modificationDate=1497252920416&api=v2