ADFS retrieving claims using native client application

G_Niles 0 Reputation points
2024-07-01T22:16:09.97+00:00

Hi,

We are currently attempting to write a test application in C#, which needs to retrieve certain claims upon authorization. No matter what we have tried, it seems we only receive the same 10 claims from the ADFS server (see image for the received claims) . We are using .NET Framework 4.8, is this a forum to ask code related questions? If so I could post what code we have.

Thank you.

G Niles

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,920 questions
Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,265 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
11,011 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jiale Xue - MSFT 46,456 Reputation points Microsoft Vendor
    2024-07-02T03:11:23.1366667+00:00

    Hi @G_Niles , Welcome to Microsoft Q&A,

    Make sure that the correct claim rules are configured in ADFS to publish the claims you need. You can check and configure by following the steps below:

    1. Open the ADFS Management Console.
    2. Navigate to Relying Party Trusts.
    3. Select your application and click Edit Claim Rules.
    4. In the Sending Rules tab, check the existing claim rules. If you need to add new claim rules, you can click the Add Rule button and follow the wizard.

    Check your application's web.config or app.config file to make sure it is configured correctly. Pay special attention to the following points:

    • wsFederation configuration section
    • identityConfiguration configuration section

    Make sure the claim type (URI) is correct. For example:

    <system.identityModel>
      <identityConfiguration>
        <claimsAuthenticationManager type="YourNamespace.YourClaimsAuthenticationManager, YourAssembly" />
        <claimsAuthorizationManager type="YourNamespace.YourClaimsAuthorizationManager, YourAssembly" />
      </identityConfiguration>
    </system.identityModel>
    
    <system.identityModel.services>
      <federationConfiguration>
        <cookieHandler requireSsl="false" />
        <wsFederation passiveRedirectEnabled="true" issuer="https://your-adfs-server/adfs/ls/" realm="https://your-app" requireHttps="false" />
      </federationConfiguration>
    </system.identityModel.services>
    
    

    Best Regards,

    Jiale


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Josip Jurišić 1 Reputation point
    2024-07-15T08:59:31.2766667+00:00

    Hi @G_Niles ,

    There are default claims that are sent to the app if there are no additional claims configured via "Edit Claim Issuance Policy" in ADFS console.

    If you need to configure any additional attribute to be provided for successful authentication/authorization, please feel free to configure it through "Edit Claim Issuance Policy" in ADFS console.

    Also, when you're configuring additional claims, these claims needs to follow some "logic" in process, so please let me know which attributes you need to receive from AD, so I can help you with.

    Best regards,

    JJ


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.