We have a requirement that our MVC client application provides an SSO ability to multiple customers by logging in to their own IdP. But some of these give a SAML 1.1 token, which we are already supporting using the WSFederationAuthenticationModule, and some of them have recently started sending a SAML 2.0 token, which is causing our MVC application to fail.
Can I use WSFederationAuthenticationModule to support SAML 2.0 token also?
What are any other alternative suggestions?
The problem is that 1.1 enforces the full URI e.g.
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
whereas 1.2 allows just "emailaddress".
You can use GetOutputClaimsIdentity and have something like:
outputIdentity.Claims.Add(new Claim(ClaimTypes.xxx, "rest of URI" + emailaddress));
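As an added example (not from the answer above), here is one way to do that normalization in a custom STS on the .NET 4.5 System.IdentityModel API: short SAML 2.0 claim names get the full WS-Federation URI prefix, claim types that are already absolute URIs pass through unchanged, and only a whitelist of types is copied to the outgoing identity. The class name NormalizingSts, the AllowedClaimTypes set and the prefix constant are assumptions for the example.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel;
using System.IdentityModel.Protocols.WSTrust;
using System.Security.Claims;

// Hypothetical custom STS; assumes .NET 4.5 SecurityTokenService / RequestSecurityToken / Scope.
public class NormalizingSts : SecurityTokenService
{
    // Namespace of the full claim type URIs, e.g. ClaimTypes.Email ends with "/emailaddress".
    private const string ClaimUriPrefix = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/";

    // Constructed whitelist: only these claim types are forwarded to the relying party.
    private static readonly HashSet<string> AllowedClaimTypes = new HashSet<string>
    {
        ClaimTypes.Email, ClaimTypes.Name, ClaimTypes.Role
    };

    public NormalizingSts(SecurityTokenServiceConfiguration config) : base(config) { }

    // Turn a short SAML 2.0 name such as "emailaddress" into the full URI the SAML 1.1
    // consumer expects; an incoming type that is already an absolute URI is returned as-is,
    // so full URIs are never double-prefixed.
    public static string NormalizeClaimType(string claimType)
    {
        if (string.IsNullOrEmpty(claimType))
            throw new ArgumentException("claim type must not be empty", "claimType");
        if (Uri.IsWellFormedUriString(claimType, UriKind.Absolute))
            return claimType;
        return ClaimUriPrefix + claimType;
    }

    protected override ClaimsIdentity GetOutputClaimsIdentity(
        ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
    {
        var output = new ClaimsIdentity("Federation");
        foreach (Claim c in principal.Claims)
        {
            string type = NormalizeClaimType(c.Type);
            if (!AllowedClaimTypes.Contains(type)) continue; // drop anything not whitelisted
            output.AddClaim(new Claim(type, c.Value, c.ValueType, c.Issuer));
        }
        return output;
    }

    // Minimal scope: issue for the requested AppliesTo address with the STS signing key.
    protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
    {
        return new Scope(request.AppliesTo.Uri.OriginalString,
                         SecurityTokenServiceConfiguration.SigningCredentials);
    }
}
```

With this in place, NormalizeClaimType("emailaddress") yields the same string as ClaimTypes.Email, and a token that already carried the full URI is left untouched.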