
I'm looking at the Sustainsys.Saml2 samples and I've found that if I point the SampleMvcApplication to use Okta as an IdP that all the relevant claims are created. However if I use Okta as an external IdP for the SampleIdentityServer3 project I only see the openid claims. Is there a way to configure IdentityServer to pass all the claims in the Saml token back to the client app?

Colin

1 Answer


I'm unsure if this works in your exact scenario however I'm using the following approach to return a collection of required Claims, to the clients, in the token (noting that I'm using Identity Server 4).

You can add the profile scope to the request from the client.

Then you can make a request to the User Info Endpoint:

options.GetClaimsFromUserInfoEndpoint = true;

In your implementation of public async Task GetProfileDataAsync(ProfileDataRequestContext context) you can add in whichever claims you wish.

Alternatively, you can set AlwaysIncludeUserClaimsInIdToken = true in your Client Config then can get the claims in your token. Be wary about including too many claims in your token which can result in it getting too large for some browsers to work with.

Docs: http://docs.identityserver.io/en/release/reference/profileservice.html

I also found this article helpful: https://leastprivilege.com/2017/11/15/missing-claims-in-the-asp-net-core-2-openid-connect-handler/

Fanetic
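The profile-service approach described in the answer, written out as an added example (this is not code from the question, the answer, or the Sustainsys.Saml2 / IdentityServer projects). It targets the IdentityServer4 API the answer refers to; `IUserClaimStore` is a hypothetical store in which the external-login callback is assumed to have saved the claims received from the SAML IdP.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Extensions;   // GetSubjectId()
using IdentityServer4.Models;
using IdentityServer4.Services;

// Hypothetical persistence for claims captured from the external (SAML) IdP,
// keyed by the local subject id. Not part of IdentityServer4.
public interface IUserClaimStore
{
    Task<IEnumerable<Claim>> GetClaimsAsync(string subjectId);
    Task<bool> ExistsAsync(string subjectId);
}

// Registered with services.AddIdentityServer().AddProfileService<ExternalClaimsProfileService>();
public class ExternalClaimsProfileService : IProfileService
{
    private readonly IUserClaimStore _store;

    public ExternalClaimsProfileService(IUserClaimStore store) => _store = store;

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var stored = await _store.GetClaimsAsync(context.Subject.GetSubjectId());

        // Release only the claim types the request is entitled to. RequestedClaimTypes
        // is derived from the granted scopes, so the client must request 'profile'
        // (or another scope that maps these claim types) for them to be issued.
        context.AddRequestedClaims(stored);
    }

    public async Task IsActiveAsync(IsActiveContext context)
    {
        // Deny token issuance for subjects that no longer exist in the store.
        context.IsActive = await _store.ExistsAsync(context.Subject.GetSubjectId());
    }
}

// Client definition for the second option from the answer: put the user claims
// straight into the id_token instead of requiring a UserInfo round trip.
public static class ClientConfig
{
    public static Client WebClient => new Client
    {
        ClientId = "mvc-sample",                       // constructed value
        AllowedScopes = { "openid", "profile" },
        // Keep the set of mapped claim types small: id_tokens travel in the
        // browser and grow with every claim added here.
        AlwaysIncludeUserClaimsInIdToken = true
    };
}
```

With this in place, a client that sets GetClaimsFromUserInfoEndpoint = true receives the filtered claims from the UserInfo endpoint, and a client using the WebClient definition above receives them directly in the id_token.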