
Authentication and getting attributes using componentspace SAML library with ForgeRock backend in .NET core


I am setting up a proof-of-concept to allow users to log in using the componentspace SAML2 library for .net core. The backend is ForgeRock OpenAM 6.5.3.

I managed to get my identity after logging in but the User.Identity.IsAuthenticated is still false. I am a bit lost about how to 'map' the identity to a user (from the ForgeRock backend).

The code which is behind the AssertionConsumerService Url from the configuration is as follows:

[HttpPost("SAML/SSO/Post")]
public async Task<IActionResult> AssertionConsumerService(CancellationToken cancellationToken)
{
     if (User.Identity == null || !User.Identity.IsAuthenticated)
     {
          // Receive and validate the SAML response posted by OpenAM.
          var result = await _serviceProvider.ReceiveSsoAsync();
     }

     // The action must return an IActionResult on every path.
     return Ok();
}

Since we don't have our own users (they are all located in OpenAM) I don't know how to get the right claims and authenticate the user. I now only have UserID and Email and no attributes containing the other info. How do I retrieve the other attributes?


Solution

  • The User.Identity.IsAuthenticated refers to your local identity. After calling _samlServiceProvider.ReceiveSsoAsync, the returned result includes the SAML NameID and SAML attributes from the SAML assertion received from the identity provider. Your application is responsible for using this information to log the user in automatically. How you do this is dependent on your application.

    If you need additional information from the identity provider, you must request they include this as SAML attributes in the SAML assertion. Exactly what's included in the SAML assertion is negotiated between the identity provider and service provider organizations.
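As an added example (not code from the question, the answer, or ComponentSpace's own samples), here is one way to turn the ReceiveSsoAsync result into a local cookie sign-in so that User.Identity.IsAuthenticated becomes true on later requests. It assumes the result exposes UserID (the NameID) and an Attributes collection whose items expose Name and a string value, and that cookie authentication is registered with the default scheme.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using ComponentSpace.Saml2;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

public class SamlController : Controller
{
    private readonly ISamlServiceProvider _samlServiceProvider;

    public SamlController(ISamlServiceProvider samlServiceProvider)
    {
        _samlServiceProvider = samlServiceProvider;
    }

    [HttpPost("SAML/SSO/Post")]
    public async Task<IActionResult> AssertionConsumerService(CancellationToken cancellationToken)
    {
        // ReceiveSsoAsync validates the SAML response (signature, audience, conditions)
        // and throws if the assertion is rejected, so nothing below runs for a bad response.
        var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();

        // The NameID identifies the user; each SAML attribute becomes a local claim.
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, ssoResult.UserID),
            new Claim(ClaimTypes.Name, ssoResult.UserID),
        };
        foreach (var samlAttribute in ssoResult.Attributes)
        {
            // Assumption: the attribute exposes Name and ToString() returns its first value.
            claims.Add(new Claim(samlAttribute.Name, samlAttribute.ToString()));
        }

        // A ClaimsIdentity with an authentication type is what reports IsAuthenticated == true;
        // signing it in with the cookie scheme persists it across requests.
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));

        // Constructed landing page; a validated RelayState could carry the original URL instead.
        return RedirectToAction("Index", "Home");
    }
}
```

Only attributes that OpenAM has been configured to release will appear in ssoResult.Attributes, so an empty loop means the attribute mapping on the identity provider side still needs to be set up.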