I'm updating a website with a custom membership and role provider into a SAML-based authentication from a shib IDP via Kentor AuthServices.
I've successfully replaced the membership provider (though if someone can advise how to write an unusually named claim into user.identity.name it would save me a headache later down the line) but I need to keep the custom role provider and associated role-based access.
When I log in, I can load non-anonymous user pages but trying to access a role-controlled page results in an infinite loop of trying to get authorisation from the IDP rather than from the entirely separate roles server.
Is there a way I can decouple or somehow intercept the roles authentication from Kentor so I can continue to use the existing class?
Thank you
AuthServices calls the standard WIF ClaimsAuthenticationManager hook, where you can adjust the claims. Use that to query your role store and add the role claims to the principal generated from the SAML assertion.
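
A sketch of the approach described in the answer above, added here as an example; it is not code from the answer or from the AuthServices project. The class name, namespace and the `urn:example:placeholder-user-id` claim type are hypothetical, and it assumes the existing custom role provider is still registered under `<roleManager>` so that `Roles.Provider` resolves to it.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Web.Security;

// Assumed registration, using the standard WIF configuration element:
// <system.identityModel><identityConfiguration>
//   <claimsAuthenticationManager type="Example.RoleStoreClaimsManager, Example" />
// </identityConfiguration></system.identityModel>
namespace Example
{
    public class RoleStoreClaimsManager : ClaimsAuthenticationManager
    {
        // Hypothetical claim type: replace with the attribute your IdP releases
        // to identify the user in the local role store.
        private const string UserIdClaimType = "urn:example:placeholder-user-id";

        public override ClaimsPrincipal Authenticate(
            string resourceName, ClaimsPrincipal incomingPrincipal)
        {
            var identity = incomingPrincipal?.Identity as ClaimsIdentity;
            if (identity == null || !identity.IsAuthenticated)
                return incomingPrincipal;

            // The local role store is the only authority for roles, so drop any
            // role claims that arrived in the SAML assertion before adding ours.
            foreach (var claim in identity.FindAll(identity.RoleClaimType).ToList())
                identity.TryRemoveClaim(claim);

            // Without a usable identifier no roles are granted (fail closed).
            var userId = identity.FindFirst(UserIdClaimType)?.Value;
            if (string.IsNullOrWhiteSpace(userId))
                return incomingPrincipal;

            // Query the existing custom RoleProvider and emit one claim per role.
            // Using identity.RoleClaimType keeps IsInRole() and role-based
            // authorization rules working against the added claims.
            foreach (var role in Roles.Provider.GetRolesForUser(userId))
                identity.AddClaim(new Claim(identity.RoleClaimType, role));

            return incomingPrincipal;
        }
    }
}
```

Because the roles are written into the principal once at sign-in, a role change in the role store takes effect only when the user's session is re-issued.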