elerch
commented
8 years ago I agree - I added a ToClaims extension method, deprecated the old ToClaim (which incidentally had a TODO for just this issue), and used the new ToClaims method internally when a ClaimsIdentity is generated. See fc41929
SAML2/src/Owin.Security.Saml/SamlAttributeExtensions.cs is the related file. It will be better if we can have multiple claims instead of a comma separated string in terms of reading the claims value. I believe that comma is actually a valid character in the SAML2 attribute specs. In the event that the original attribute value contains a common, it will render the claim value to have incorrect value.
It has been kind of suggested in StackOverflow to add multiple claims in case of have multiple attribute values: http://stackoverflow.com/questions/24849031/storing-a-list-of-string-in-claim-system-security-claims