0

There are a couple of properties that seem to allow this:

Properties (which is a Dictionary), AdditionalContext and Context...

I cannot find any guidelines as to which would be most appropriate to use...

I basically need the requestor of the token to provide me with an "External User Id" and the STS I am building will include that as a claim in the response (RSTR).

Arnaud

2 Answers

1

I would use the .Claims property - this passes in the requested claims.

Add the "external user id" claim here to indicate to the STS that you need this claim in the RSTR.

leastprivilege
  • I have used the .Claims property to pass the claim to the STS. So like this: rst.Claims.Add(new RequestClaim("http://somenamespace/externalUserId", false, "123456")); The 'funny' bit is that I get ID3257 - WSTrustSerializationException when I do that. I have to change the Dialect (on the Claims property) to be "http://docs.oasis-open.org/wsfed/authorization/200706/authclaims". That is most annoying, but it works. Reflecting through the WSTrustSerializationHelper class, it assumes the dialect is "http://schemas.xmlsoap.org/ws/2005/05/identity" then spits the dummy because it isn't the other. – Arnaud Feb 19 '14 at 06:04
  • That's stupid indeed. Have you set the WSTrust version to 1.3 on the WSTrustChannelFactory? (not sure if that fixes it though) – leastprivilege Feb 19 '14 at 09:56
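
The approach from the answer and first comment above, as an added example that is not code from the original posters: the client sets the authclaims dialect and adds a RequestClaim carrying a value, and the STS reads it back from the request. The class and method names are assumptions, and the claim type URI is the placeholder used in the comment.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.Linq;

// Added illustration; class and method names are hypothetical.
public static class ExternalUserIdRequest
{
    // Placeholder claim type taken from the comment above.
    public const string ClaimType = "http://somenamespace/externalUserId";

    // Dialect the comment reports the WIF serializer needs for a claim with a value.
    public const string AuthClaimsDialect =
        "http://docs.oasis-open.org/wsfed/authorization/200706/authclaims";

    // Client side: build the RST that is handed to the WS-Trust channel's Issue call.
    public static RequestSecurityToken Build(string appliesTo, string externalUserId)
    {
        var rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = new EndpointReference(appliesTo)
        };
        rst.Claims.Dialect = AuthClaimsDialect;
        rst.Claims.Add(new RequestClaim(ClaimType, false, externalUserId));
        return rst;
    }

    // STS side: call from GetOutputClaimsIdentity to read the requested value.
    // The value is supplied by the requestor, so the STS should confirm the
    // authenticated caller may assert it before copying it into the issued token.
    public static bool TryRead(RequestSecurityToken request, out string externalUserId)
    {
        externalUserId = null;
        if (request == null || request.Claims == null) return false;

        RequestClaim match = request.Claims.FirstOrDefault(
            c => string.Equals(c.ClaimType, ClaimType, StringComparison.Ordinal));
        if (match == null || string.IsNullOrWhiteSpace(match.Value)) return false;

        externalUserId = match.Value;
        return true;
    }

    public static void Main()
    {
        // Constructed sample values; round-trips in memory without contacting an STS.
        RequestSecurityToken rst = Build("https://rp.example/", "123456");
        string id;
        Console.WriteLine(TryRead(rst, out id) ? id : "(no external user id)");
    }
}
```
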
0

You must have noticed that manipulating RequestSecurityToken.Properties requires custom WSTrust13ResponseSerializer and WSTrust13RequestSerializer classes to be implemented.

Afterwards you should assign these custom classes to the SecurityTokenServiceConfiguration class.

skuntsel