I have connected an AD FS as SAML 2.0 up-party on FoxIDs and my application is connected with OpenID Connect as down-party.
I'm not receiving a SUB claim in my application, what can be the problem?
SAML 2.0 to OpenID Connect missing SUB claim
611 Views Asked by Jesper Nielsen At
1
There are 1 best solutions below
Related Questions in OPENID-CONNECT
- OpenID Connect Account linking
- Authentication with OAuth and JWT but without OpenID Connect
- How to retrieve an OpenID Connect Identity Token from a cookie
- Windows Live Open ID Connect/Oauth 2.0 How to use for SSO with Apache mod_auth_openidc
- Get the user's email address from Azure AD via OpenID Connect
- Validate an Access Token at the Resource Server and Respond Accordingly
- Google OAuth: What do the various fields in id_token stand for?
- Role based Authorization on WebApi Controllers in IdentityServer4?
- Does OpenID Connect support resource sharing
- Manual accesstoken generation using OpenIdConnect Server (ASOS)
- Failing Okta OAuth2 token validation in AspNetCore
- OpenID Connect Standard: Authorized Party azp Contradiction
- Storage of OAuth access tokens in Javascript clients (e.g. Angular)
- Implementing SSO using OpenID Connect and usage of tokens
- Azure AD OpenIDConnect + ASP.NET Core - Authenticate and Extra Permissions/Token?
Related Questions in SAML-2.0
- Prepare SAML Authentication request using OpenSaml3.1.1
- SAML v2 forms auth
- How to generate saml 2.0 sso service metadata
- Spring Saml Security authentication issue due to time zone difference between the IP and SP
- Is is possible to use Azure AD as a SAML compliant Identity Provider?
- How does i implement SAML SSO with Azure AD
- Disable SAML token authentication response digital signing
- Shibboleth - Secure different URLs with different IdPs
- SAML 2.0 Unable to see X509Certificate value in SAML assertion
- Error while configuring ADFS as Identity Provider using SAML Authentication
- How can I connect the Spring SAML example application to a Weblogic IDP?
- Connection between SP and IDP in multiple SP SSO scenario
- java.lang.ClassNotFoundException: org.opensaml.DefaultBootstrap
- org.apache.axis2.AxisFault: Message Receiver not found for AxisOperation: requestSecurityToken
- Requested Authentication Method is not supported on the STS
Related Questions in ADFS
- Can you use the same token in ADFS for 2 different relying parties?
- ADFS Relying Party trust which has a querystring parameter
- Disable SAML token authentication response digital signing
- OpenAM or OpenSSO fedlets as SP and ADFS as IdP without full implementation of OpenAM or OpenSSO?
- “Authorization has been denied for this request” for few Users using Azure Active Directory
- Active Federation for ADFS Proxy 2.0
- WS-Federation sign-in Asp.NET 5 MVC 6 ADFS
- Requested Authentication Method is not supported on the STS
- How to form SP initiated URL for openam/saml2 with ADFS?
- Can I install ADFS Service and ADFS Web Proxy on same server
- ADFS 2.0 url in trusted site on extranet or internet?
- Mapping ye olde Azman operations and roles to ADFS Claims
- How do I limit the claim providers listed on the Home Realm Discovery page in ADFS?
- Visual Studio 2015 Azure ADFS
- ADFS 3.0 not redirecting on signout
Related Questions in FOXIDS
- How to configure the NetCoreClientGrantConsoleSample in FoxIDs
- Is it possible to connect FoxIDs to Azure AD with OpenID Connect?
- Connect IdentityServer4 to FoxIDs
- How to setup custom domain for FoxIDs control web app
- How to deploy Preview slot for FoxIDs app?
- .net core 1.1 compatibility with FoxIDs SAML 2
- Create new Tenant based on existed. Import / Export operation in FoxIDs
- How does one to use BlazorWebAssembly Openid connect to Login.Gov?
- SAML 2.0 to OpenID Connect missing SUB claim
- Where can I find the values of blazorweba_oidcpkce_sample:access in class AccessPolicyAttribute of BlazorWebAssemblyOidcSample.Server.Policys?
- itfoxtec-identity-saml2 .NET Core MVC implementation, Is there any testdata we can test the implementation with?
- Session timeout and lifetime setting has no effect
- Custom entityID in SAML configuration FoxIDs
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
FoxIDs convert between SAML 2.0 and JWT claims. Where the
subclaim is converted from the SAML 2.0NameIDattribute/claim. TheNameIDclaim has the claim typehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier.Either you need to update the AD FS configuration to also issue the
NameIDclaim. Which results in asubclaim with theNameIDclaim value.Alternatively, if the AD FS e.g. are issuing a
UPN(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn) claim you can define a claims transformation in FoxIDs mapping theUPN(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn) claim to aNameID(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier) claim. This results in asubclaim with theUPNclaim value.To debug you can temporary add a
NameID(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier) claim with a constant value, which results in a sub claim.