
I haven't touched ADFS before so this is totally new to me. I've done some reading on this but not sure if I'm doing this correctly.

I didn't set up ADFS so I'm not exactly sure what was done, but I've been told that a rule has been set up for an email claim, and that everything is working.

Then I've been told that I should be able to log in to a page and, once authenticated, I can go to the URL that will check the claims. This is where I am a bit confused.

From my reading - doing the following code should loop through the claims that the logged-in user should be associated to:

    // Requires: using System.Security.Claims;
    foreach (Claim c in ClaimsPrincipal.Current.Claims)
    {
        // Loop through each claim
    }

What I've found is that the email claim is not in the collection of claims. What I do see is my domain and username of the computer that I'm logged into as the identity claim "name". Shouldn't that name be the LiveID that was successfully authenticated?

Have I misunderstood the simplicity of this, and is there more code that I need to write before I can see the proper claim? Or could the setup of the claim be incorrect? Thanks.

Mike Stone
  • You have to explicitly configure ADFS to pass a claim on to an RP. I think this is the right page: http://technet.microsoft.com/en-us/library/ee913565.aspx – MatthewMartin Oct 20 '14 at 19:00

1 Answer


ADFS authenticates against AD and there is no attribute in AD for Windows Live.

My guess is that they have federated ADFS with something like ACS which does support Windows Live.

However, email address is not one of the claims returned - refer to "Windows Live ID as an ACS Identity Provider".

rbrayb
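To see where each claim in the loop from the question actually comes from, the following added example (not code from the question or the answer) lists every claim with its authentication type and issuer and reports whether an email claim arrived. The class name `ClaimsDiagnostics`, the method `Describe`, the issuer URI and the sample identities are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class ClaimsDiagnostics   // hypothetical helper name
{
    // One line per claim, showing which identity and issuer it came from,
    // followed by a verdict on whether an email claim reached the application.
    public static string Describe(ClaimsPrincipal principal)
    {
        var lines = principal.Identities
            .SelectMany(id => id.Claims.Select(c => string.Format(
                "[{0}] {1} = {2} (issuer: {3}, original issuer: {4})",
                id.AuthenticationType ?? "unauthenticated",
                c.Type, c.Value, c.Issuer, c.OriginalIssuer)))
            .ToList();

        bool hasEmail = principal.HasClaim(c => c.Type == ClaimTypes.Email);
        lines.Add(hasEmail
            ? "email claim present"
            : "email claim missing: none was issued to this application");
        return string.Join(Environment.NewLine, lines);
    }

    static void Main()
    {
        // Constructed sample values; issuer URI and addresses are placeholders.
        const string issuer = "http://adfs.example.test/adfs/services/trust";

        var windowsLogon = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, @"EXAMPLE\mike")
        }, "Negotiate"));

        var federatedLogon = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "mike", ClaimValueTypes.String, issuer, issuer),
            new Claim(ClaimTypes.Email, "mike@example.test", ClaimValueTypes.String, issuer, issuer)
        }, "Federation"));

        Console.WriteLine(Describe(windowsLogon));
        Console.WriteLine();
        Console.WriteLine(Describe(federatedLogon));
        // In the application itself: Describe(ClaimsPrincipal.Current)
    }
}
```

Comparing the authentication type and issuer columns for the two sample identities shows how a local Windows logon differs from a token issued by a federation service.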