1

Good Day Everyone

I have this weird thing happening in our application. I have a Blazor Server Side application that uses ITFoxtec for our SAML2 authentication with our global company as the provider, and I added a controller where the authentication starts.

We have 2 SAML2 providers, one for our production and one for our stage environment. Last year we tested SAML2 on our staging and it was working; then when we deployed it to our production environment it was also working. It provides authorization on both the MVC and Blazor components, and it works properly.

Then for our staging we switched the authentication to a simple login, in order for us to test different users and roles. Months later, when we used SAML2 on our staging environment again, a strange thing happened: the Blazor components can get the authenticated user but MVC cannot. The authentication is true, but User.Identity.Name is null.

We didn't change anything on the setup of our SAML2 coding, only the IdPMetadata, Issuer and Saml2 config on our appsettings.json

It's very strange, as it works normally on our production but not on staging.

Has anyone encountered this weird thing with SAML2 and ITFoxtec?

Thanks and regards

  • Can you be sure that the changed IdPMetadata and Issuer are correct? If it's correct, it's possible that you don't have a claim that matches the default name claim type. You have the NameIdentifier claim (which is what the idp supplies by default). But you don't have a claim with the default `NameClaimType`. – Chen Oct 18 '22 at 07:33
  • You can refer to [this link](https://stackoverflow.com/a/53906240/18789859). – Chen Oct 18 '22 at 07:35

1 Answer

0

I think it is because the IdP does not return a NameID value, which is interpreted as ClaimTypes.NameIdentifier = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" in .NET.

You can change the ClaimTypes.NameIdentifier parameter to a claim you get returned in the ClaimsTransform.cs, please see: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCore/Identity/ClaimsTransform.cs#L31

Anders Revsgaard
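An added example, not part of the answer above and not code from the ITfoxtec project: a claims transform that uses only `System.Security.Claims` to show why `User.Identity.Name` is null when the configured name claim type is absent, and how rebuilding the identity with a claim type the IdP actually sends fixes it. The class name, the candidate claim types and their order, and the sample claims are assumptions to be replaced with what your IdP returns.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class NameClaimFallback
{
    // Assumed candidate order. Use only identifiers the IdP asserts and keeps
    // unique and stable; a user-editable display name is not a safe identity key.
    private static readonly string[] Candidates =
    {
        ClaimTypes.NameIdentifier,
        ClaimTypes.Upn,
        ClaimTypes.Email,
    };

    public static ClaimsPrincipal Transform(ClaimsPrincipal incoming)
    {
        if (incoming.Identity is not ClaimsIdentity id || !id.IsAuthenticated)
            return incoming;

        // First candidate type that is present with a non-empty value.
        var nameType = Candidates.FirstOrDefault(t =>
            !string.IsNullOrWhiteSpace(incoming.FindFirst(t)?.Value));

        // Fail closed and report which claim types did arrive, so a
        // metadata or attribute-release mismatch is visible in the logs.
        if (nameType is null)
            throw new InvalidOperationException("No usable name claim. Received types: " +
                string.Join(", ", incoming.Claims.Select(c => c.Type).Distinct()));

        // Third constructor argument is the name claim type read by Identity.Name.
        return new ClaimsPrincipal(new ClaimsIdentity(
            incoming.Claims, id.AuthenticationType, nameType, ClaimTypes.Role)
        { BootstrapContext = id.BootstrapContext });
    }

    public static void Main()
    {
        // Constructed sample: an assertion that carries e-mail and role but no NameID.
        var claims = new[] { new Claim(ClaimTypes.Email, "user@example.com"),
                             new Claim(ClaimTypes.Role, "Tester") };
        var before = new ClaimsPrincipal(new ClaimsIdentity(
            claims, "saml2", ClaimTypes.NameIdentifier, ClaimTypes.Role));

        Console.WriteLine($"IsAuthenticated={before.Identity?.IsAuthenticated}, " +
                          $"Name={before.Identity?.Name ?? "(null)"}");
        Console.WriteLine($"After transform: Name={Transform(before).Identity?.Name}");
    }
}
```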