Claims Mapping - question #173
Comments
I updated the code as follows: if (claim.Type == ClaimTypes.NameIdentifier && claim.Value != null) { user.UserId = Guid.Parse(claim.Value); } It works but I still need to have more information from the claims. Would be very nice if you can help me with a mapping. Thank you
Not sure why updating to 2.0 would have changed that. The WS-Fed config you link might be a red herring.
This is on another API that gets data from my Auth Server (Token and Identity Provider). It is the System.Security.Claims class for the principal, and the claims are from the ClaimsIdentity class.
After upgrading to the newest IdentityServer3 v2.0.0, IdentityModel and IdentityServer Access Token validation I have a similar problem. I no longer have the sub claim while calling WebAPI and I have http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier instead. Did anything change? Did you do some mapping? I double checked my access token and it contains the sub claim. I didn't change anything else in my WebAPI other than upgrading IdentityModel and IdentityServer Access Token validation.
I have my Token Server running separately. In my other application, the Web API, in App_Start (or in my case SecurityConfig) I added this line
It works for me.
Ok so it's caused by
Dug into it and I see this map. So by default it will map sub into name identifier. It changed in the new version of System.IdentityModel.Tokens.Jwt
FYI Microsoft have fun on the way out too, outbound In MVC 6
Talk about shitty design... For some reason, Microsoft made those two properties static on the
Another really irritating thing about this is Microsoft's default mappings actually prevent using the standard I ended up writing the following code that runs just before using
Amen.
I'm trying to accomplish the same using Identity Server 4. I rephrased the type map clearer to use "DefaultInboundClaimTypeMap" as suggested here: https://leastprivilege.com/2016/08/21/why-does-my-authorize-attribute-not-work/
That makes the claims come in as expected ("sub"). However, @zebamba's code above also does the following, Some discussion of Identity Server 3 also claims that the AntiForgery change is required in combination with the clearing of the type map: http://identityserver.github.io/Documentation/docsv2/overview/mvcGettingStarted.html I can't get that line to compile when using Identity Server 4: Are the AntiForgeryConfig and Constants part of Identity Server? If not, are they accessible to an MVC Core app?
AntiForgery is an MVC5 feature.
We upgraded most of our projects from Thinktecture.IdentityServer3 v1.6.2 to IdentityServer3 v2.0.0.
I notice that the code above is creating a user Id full of zeros.
Because the Claim Type sub now has type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier".
I found this file example on the sample source
https://github.com/IdentityServer/IdentityServer3.Samples/blob/0e4a2036d0ef39d10d09ce98323a13046d7e1bf7/source/SelfHost%20(InMem%20with%20WS-Fed)/SelfHost/Config/RelyingParties.cs
The Identity Manager api is using OAuth2Configuration.
Would you help with the mapping?
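
An added example, not code from this thread or from IdentityServer: one way for the Web API to read the user id so that it works whether or not the JWT handler has rewritten `sub` to the nameidentifier URI, and rejects the request instead of ending up with an all-zero Guid. `SubjectResolver` and `TryGetUserId` are hypothetical names, and the sample id is constructed.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example; SubjectResolver and TryGetUserId are hypothetical names.
public static class SubjectResolver
{
    // "sub" is the JWT subject claim; ClaimTypes.NameIdentifier is the URI the
    // JWT handler's default inbound map rewrites it to.
    private static readonly string[] SubjectClaimTypes = { "sub", ClaimTypes.NameIdentifier };

    // Returns false (fail closed) unless exactly one distinct, well-formed,
    // non-empty GUID subject is present under either name.
    public static bool TryGetUserId(ClaimsPrincipal principal, out Guid userId)
    {
        userId = Guid.Empty;
        if (principal == null) return false;

        var values = principal.Claims
            .Where(c => SubjectClaimTypes.Contains(c.Type))
            .Select(c => c.Value)
            .Distinct(StringComparer.Ordinal)
            .ToList();

        // No subject at all, or conflicting subjects under the two names: reject.
        if (values.Count != 1) return false;

        Guid parsed;
        if (!Guid.TryParse(values[0], out parsed) || parsed == Guid.Empty) return false;
        userId = parsed;
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        var id = "3f2b6c1e-8a4d-4e0b-9c57-1d2e3f4a5b6c"; // constructed sample value
        var mapped = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, id) }, "Bearer"));
        var unmapped = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("sub", id) }, "Bearer"));
        var missing = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "alice") }, "Bearer"));
        foreach (var p in new[] { mapped, unmapped, missing })
        {
            Guid userId;
            Console.WriteLine(SubjectResolver.TryGetUserId(p, out userId) ? "user " + userId : "rejected: no usable subject claim");
        }
    }
}
```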