I have successfully set up an ADFS integration for Umbraco 8. I can log in and so on, but I cannot figure out where my roles are.
The party who did the configurations in Azure said that I can get them by the 'GroupSid' claim, but it seems to be empty, or am I missing something?
    SecurityTokenValidated = async n =>
    {
        // Identity built by the middleware from the validated token.
        ClaimsIdentity claimsId = n.AuthenticationTicket.Identity;
        var identityUser = n.AuthenticationTicket.Identity;

        // New, empty identity; only the claims added below end up on it.
        var newIdentityUser = new ClaimsIdentity(identityUser.AuthenticationType);

        // Each of these claims is given the user name as its value.
        newIdentityUser.AddClaim(new Claim(ClaimTypes.Email, identityUser.Name));
        newIdentityUser.AddClaim(new Claim(ClaimTypes.Upn, identityUser.Name));
        newIdentityUser.AddClaim(new Claim(ClaimTypes.Role, identityUser.Name));
        newIdentityUser.AddClaim(new Claim(ClaimTypes.GroupSid, identityUser.Name));
        newIdentityUser.AddClaim(new Claim(ClaimTypes.PrimarySid, identityUser.Name));

        // Copy the name identifier and given name when the token carried them.
        var nameIdentifier = identityUser.FindFirst(ClaimTypes.NameIdentifier);
        var givenName = identityUser.FindFirst(ClaimTypes.GivenName);
        if (nameIdentifier != null)
        {
            newIdentityUser.AddClaim(nameIdentifier);
        }
        if (givenName != null)
        {
            newIdentityUser.AddClaim(givenName);
        }

        // Replace the ticket's identity with the new one.
        n.AuthenticationTicket = new AuthenticationTicket(newIdentityUser, n.AuthenticationTicket.Properties);
        await Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials);
    },
When the breakpoints hit those lines, I see the Claims collection:

    ClaimsIdentity claimsId = n.AuthenticationTicket.Identity;
    var identityUser = n.AuthenticationTicket.Identity;

Here I can see only values like givenname etc.
Can anyone provide me some help? Is the problem on my side, or in Azure?
Thanks a lot!
Roles were not set (for the test user) by the party responsible for the claims part.
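
A check that tells the two cases in the question apart, as an added example that is not part of the original post: it reports which expected claim types the token did not carry and copies only claims that actually arrived. The names ClaimCheck and CopyIssuedClaims and the sample identities are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class ClaimCheck // hypothetical helper, not an Umbraco or OWIN type
{
    // Claim types the application expects the identity provider to issue.
    static readonly string[] Expected = { ClaimTypes.GroupSid, ClaimTypes.Role };

    // Copies only claims that arrived in the token. A missing group or role
    // claim is reported, never replaced with a value such as the user name.
    public static ClaimsIdentity CopyIssuedClaims(ClaimsIdentity incoming, out List<string> missing)
    {
        var result = new ClaimsIdentity(incoming.AuthenticationType);
        missing = new List<string>();
        foreach (var type in Expected)
        {
            var found = incoming.FindAll(type).ToList();
            if (found.Count == 0) { missing.Add(type); continue; }
            result.AddClaims(found); // AddClaims clones claims owned by another identity
        }
        foreach (var type in new[] { ClaimTypes.NameIdentifier, ClaimTypes.GivenName, ClaimTypes.Upn })
        {
            var claim = incoming.FindFirst(type);
            if (claim != null) result.AddClaim(claim);
        }
        return result;
    }

    static void Main()
    {
        // Constructed sample: a token that carries no group or role claims.
        var withoutGroups = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, "test-user-id"),
            new Claim(ClaimTypes.GivenName, "Test") }, "Federation");
        // Constructed sample: the same user once a group claim is issued.
        var withGroups = new ClaimsIdentity(withoutGroups.Claims.Concat(new[] {
            new Claim(ClaimTypes.GroupSid, "S-1-5-21-0-0-0-1111") }), "Federation");

        foreach (var identity in new[] { withoutGroups, withGroups })
        {
            var copy = CopyIssuedClaims(identity, out var missing);
            Console.WriteLine("received: " + string.Join(", ", identity.Claims.Select(c => c.Type)));
            Console.WriteLine("missing:  " + (missing.Count == 0 ? "(none)" : string.Join(", ", missing)));
            Console.WriteLine("copied:   " + copy.Claims.Count() + " claim(s)");
        }
    }
}
```

Logging the missing list from the token-validation callback shows whether a group claim was absent from the token itself or lost later in the application.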