microsoft / SPID-and-Digital-Identity-Enabler

This repo contains the SPIDProxy code and several ADFS/Azure B2C related scripts and assets. SPIDProxy allows communication with SPID, CIE and eIDAS. The repo also contains a web app enabling CNS authentication through ADFS and AAD B2C.
MIT License

CIE returns dateOfBirth claim as string instead of date #43

Closed fume closed 1 year ago

fume commented 2 years ago

We need to update the custom policies for CIE because the dateOfBirth claim is returned as a string instead of a date.

fume commented 2 years ago

Given that some SPID IdPs don't comply with the xs:date format as they should, we could add a feature in the SPIDProxy that always returns the dateOfBirth claim in the xs:date (or xs:string) format. This SAMLResponse modification should be turned on/off via configuration, as well as the format to use (xs:String vs xs:date). Relying on the SPIDProxy modification, we could always use the same claim (and claim type) in the AAD B2C Custom Policies.

MarcoZama commented 2 years ago

@fume we can add dateOfBirth as a boolean param to switch the SAMLResponse format, what do you think?

fume commented 2 years ago

@MarcoZama I was thinking of having 2 config params:

This way we could change the behaviour easily from the config. Probably the best combination as of today would be Alter: true, Format: date since all the SPID providers SHOULD return a dateOfBirth with format xs:date and we already have the B2C custom policies configured to receive such type. We should change the custom policy for CIE because as of today it returns a dateOfBirth with format xs:String. In any case, one could decide to change the custom policies and alter the SPIDProxy config accordingly.
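A sketch of the configurable dateOfBirth rewrite discussed in this thread, added here as an example; it is not code from the SPIDProxy repository and is written in Python rather than the project's own language so it can be run stand-alone. The `alter` and `fmt` parameters mirror the "Alter"/"Format" pair mentioned above but their names are hypothetical, as are the accepted input shapes and the sample assertion. It assumes the rewrite runs only after the IdP's signature on the response has been verified, since changing the assertion invalidates that signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed input shapes; the thread does not say how IdPs deviate.
ACCEPTED_INPUTS = ("%Y-%m-%d", "%Y-%m-%dT%H:%M:%S", "%d/%m/%Y")

def to_iso_date(raw):
    """Return YYYY-MM-DD, or raise ValueError instead of passing bad data on."""
    text = raw.strip()
    for pattern in ACCEPTED_INPUTS:
        try:
            return datetime.strptime(text, pattern).date().isoformat()
        except ValueError:
            continue
    raise ValueError(f"unrecognised dateOfBirth value: {raw!r}")

def normalize_date_of_birth(assertion, alter=True, fmt="date"):
    """Rewrite each dateOfBirth AttributeValue in place; return how many changed."""
    if fmt not in ("date", "string"):
        raise ValueError("fmt must be 'date' or 'string'")
    if not alter:
        return 0
    changed = 0
    for attr in assertion.iter(f"{{{SAML}}}Attribute"):
        if attr.get("Name") != "dateOfBirth":
            continue
        for value in attr.findall(f"{{{SAML}}}AttributeValue"):
            value.text = to_iso_date(value.text or "")
            value.set(XSI_TYPE, f"xs:{fmt}")  # xmlns:xs must stay declared on output
            changed += 1
    return changed

# Constructed sample: a string-typed dateOfBirth, as the issue reports for CIE.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:AttributeStatement>
    <saml:Attribute Name="dateOfBirth">
      <saml:AttributeValue xsi:type="xs:string">1980-01-31</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def demo():
    root = ET.fromstring(SAMPLE)
    count = normalize_date_of_birth(root, alter=True, fmt="date")
    value = root.find(f".//{{{SAML}}}AttributeValue")
    return count, value.text, value.get(XSI_TYPE)
```

An unparseable value raises rather than being forwarded, so a malformed claim fails at the proxy instead of reaching the B2C policy with a type it does not match.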