I am using IdentityServer3 for authentication and i have also configured Azure AD as external provider in IdentityServer3. Since Azure AD is using SAML2 protocol i am using SustainSys library to configure Azure AD.
In Azure AD i have configure the payload as below. Notice the email is included in the payload
However, after user is authenticated in Azure AD, and request comes back to IdentityServer, SustainSys library is not including email claim.
Is there any configuration i need to do in SustainSys library to include email claim? In IdentityServer3 I am loading Azure AD provider using code
private void AddSAML2Idp(IAppBuilder app, SAML2Provider provider, string signInAsType)
{
var authenticationOptions = new Saml2AuthenticationOptions(false)
{
SPOptions = new SPOptions
{
EntityId = new EntityId(provider.AuduenceURI), // Auduence URI
MinIncomingSigningAlgorithm = provider.MinIncomingSigningAlgorithm,
ModulePath = string.Format("/{0}", provider.Idp)
},
SignInAsAuthenticationType = signInAsType,
AuthenticationType = provider.Idp,
Caption = provider.Caption
};
UseIdSrv3LogoutOnFederatedLogout(app, authenticationOptions);
authenticationOptions.SPOptions.ServiceCertificates.Add(LoadCertificateFromWindwosStore(ApplicationConfig.Saml2SigningCertificateSubjectName));
var identityProvider = new IdentityProvider(new EntityId(provider.EntityID), authenticationOptions.SPOptions)
{
MetadataLocation = provider.MetadataLocation,
LoadMetadata = true
};
authenticationOptions.IdentityProviders.Add(identityProvider);
app.UseSaml2Authentication(authenticationOptions);
}