0 votes

I have a situation wherein I have federated my Identity Provider from WSO2 Identity Server to MS ADFS. I have created a frontend web application that calls the Identity Server and in turn MS ADFS. Login is fine and the response from ADFS is also fine. I checked in the 'Fiddler' tool where I have a good SAML request and response too. I checked the SAML response, which contains all that I need (e.g. givenname/surname/emailaddress etc.).
I have the following two questions.

1. How do I retrieve or access the claims in my client Java application?
2. Can we print the claims that are received from MS ADFS in the Identity Server logs?

Just to add, the access to claims is working fine with Facebook as IdP.
Please guide me to a link on the above.

Help appreciated.

1
It seems ADFS is sending the needed claims. If this is the case, you need to have WSO2 Identity Server pass this. I'm not an expert on this. Regarding accessing these claims, it would depend on which library you are using within your app. Out of curiosity, why are you routing through Identity Server? - SamuelD MSFT
Can you post the SAML response from the ADFS side? - Gayan

1 Answer

1 vote

Assuming that ADFS is correctly sending the SAML response, first you need to map ADFS's claims to WSO2 Identity Server's local user claims. For that, you need to edit the IdP's claim configuration section and add each claim.

Go to the IdP's config -> Claim Configuration -> Basic Claim Configuration

Then add a custom claim dialect and map claims with WSO2 user claims.

After that, to pass these claims on to the client application, you need to edit the Service Provider's configuration, go to Claim Configuration and add the claims as Requested Claims [1].

Additionally, you need to make sure that in the SAML configuration of the Service Provider you have checked the following checkboxes.

- Enable Attribute Profile
- Include Attributes in the Response Always

Then you should receive the claims in the client app.

[1] http://tharindue.blogspot.com/2016/08/retrieving-user-claims-in-saml-response.html
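To show what the client side of this looks like once the claims arrive, here is an added example (my own code, not from the answer above or from WSO2) of a Java reader that takes the base64 `SAMLResponse` form parameter, parses it with DTDs and external entities disabled, and collects every `saml:Attribute` from the `AttributeStatement`. The embedded response and the `http://wso2.org/claims/...` attribute names are constructed sample data assuming the default WSO2 local claim dialect; the class and method names are my own.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlClaimReader {

    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample: a minimal, unsigned SAML 2.0 Response with an AttributeStatement,
    // shaped like what WSO2 IS returns once the requested claims are configured.
    static final String SAMPLE_RESPONSE =
        "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
      + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_r1\" Version=\"2.0\">"
      + "<saml:Assertion ID=\"_a1\" Version=\"2.0\">"
      + "<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>"
      + "<saml:AttributeStatement>"
      + "<saml:Attribute Name=\"http://wso2.org/claims/givenname\">"
      + "<saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>"
      + "<saml:Attribute Name=\"http://wso2.org/claims/lastname\">"
      + "<saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>"
      + "<saml:Attribute Name=\"http://wso2.org/claims/role\">"
      + "<saml:AttributeValue>Internal/everyone</saml:AttributeValue>"
      + "<saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>"
      + "</saml:AttributeStatement></saml:Assertion></samlp:Response>";

    /** Parse with DOCTYPE and external entities disabled so a hostile response cannot trigger XXE. */
    static Document parseHardened(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new ByteArrayInputStream(xml));
    }

    /** Collect every saml:Attribute as name -> values; multi-valued claims such as roles stay intact. */
    static Map<String, List<String>> extractClaims(Document doc) {
        Map<String, List<String>> claims = new LinkedHashMap<>();
        NodeList attrs = doc.getElementsByTagNameNS(SAML_NS, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element attr = (Element) attrs.item(i);
            List<String> values = new ArrayList<>();
            NodeList vals = attr.getElementsByTagNameNS(SAML_NS, "AttributeValue");
            for (int j = 0; j < vals.getLength(); j++) {
                values.add(vals.item(j).getTextContent().trim());
            }
            claims.put(attr.getAttribute("Name"), values);
        }
        return claims;
    }

    /** The SAMLResponse form parameter is base64; decode it, parse, and read the claims. */
    static Map<String, List<String>> claimsFromSamlResponseParam(String base64Response) throws Exception {
        byte[] xml = Base64.getDecoder().decode(base64Response);
        return extractClaims(parseHardened(xml));
    }

    public static void main(String[] args) throws Exception {
        // Simulate the POST binding by base64-encoding the constructed response.
        String encoded = Base64.getEncoder()
            .encodeToString(SAMPLE_RESPONSE.getBytes(StandardCharsets.UTF_8));
        Map<String, List<String>> claims = claimsFromSamlResponseParam(encoded);
        claims.forEach((name, values) -> System.out.println(name + " = " + values));
    }
}
```

This only shows where the claims sit in the response. In a real client the assertion's signature, issuer, audience and validity window must be checked by your SAML library before any of these values are trusted; if the attribute names you see are still the ADFS URIs rather than `http://wso2.org/claims/...`, the IdP claim mapping from the answer has not taken effect.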