Issues Retrieving Claims Data After Azure AD SSO Configuration.

Question

Issues Retrieving Claims Data After Azure AD SSO Configuration.

Darshan 40

Hi,

Configured SSO using Azure AD in an ASP.Net MVC project, but after a successful login, the user email claim is coming back as blank. What could be causing this issue?

As shown in the attached image, claims data are null after user login. ClaimsNull

The login URL is shown in this screenshot: Screenshot 2025-01-06 113633

Additionally, here's another image showing the username claim as null: UsernameNull

Darshan 40 Reputation points

2025-01-07T06:47:51.7133333+00:00

Hi Akhilesh,

I added the email Attributes & Claims. but still I'm getting claims null. Also "user.identity.isauthenticated" is false after successful login.
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-01-07T21:41:50.7933333+00:00

@Darshan
Have you test the Entra ID Claims and Single Sign-On Enterprise Apps ? is the user has an email address in Entra ID? If the user does not have an email address in Entra ID, then the email claim will be blank.
The other side kindly check the SAML token and see if the email claim is present in the token.
Also, kindly review the Audit logs and see if you find any insights on this issue
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-01-09T18:35:15.08+00:00

Hi @Darshan
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Darshan 40 Reputation points

2025-01-10T08:50:14.7166667+00:00
Hi Akhilesh Vallamkonda,In my application,

I'm using SSO URL (ref(above, The login URL is shown in this screenshot:)) for login after successful login i'm unable to get the user name/email. The claims are added in azure application as u said earlier.

When I do the same sso login using below method it's work. means I get the username after login.

" public void SignIn()

{ HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType); }".

Hope u understand my issue.
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-01-21T19:04:39+00:00

Hi @Darshan
could you please collect the fiddler trace or browser capture and see the requesting is passing the right endpoint and share to azcommunity [at] microsoft [dot] com.
Reference: Capture web requests with Fiddler
Capture a browser trace for troubleshooting

1 answer

Your answer

Darshan 40 Reputation points

2025-01-07T06:47:51.7133333+00:00

Hi Akhilesh,

I added the email Attributes & Claims. but still I'm getting claims null. Also "user.identity.isauthenticated" is false after successful login.
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-01-07T21:41:50.7933333+00:00

@Darshan
Have you test the Entra ID Claims and Single Sign-On Enterprise Apps ? is the user has an email address in Entra ID? If the user does not have an email address in Entra ID, then the email claim will be blank.
The other side kindly check the SAML token and see if the email claim is present in the token.
Also, kindly review the Audit logs and see if you find any insights on this issue
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-01-09T18:35:15.08+00:00

Hi @Darshan
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Darshan 40 Reputation points

2025-01-10T08:50:14.7166667+00:00

Hi Akhilesh Vallamkonda,In my application,

I'm using SSO URL (ref(above, The login URL is shown in this screenshot:)) for login after successful login i'm unable to get the user name/email. The claims are added in azure application as u said earlier.

When I do the same sso login using below method it's work. means I get the username after login.

" public void SignIn()

{ HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType); }".

Hope u understand my issue.
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-01-21T19:04:39+00:00

Hi @Darshan
could you please collect the fiddler trace or browser capture and see the requesting is passing the right endpoint and share to azcommunity [at] microsoft [dot] com.
Reference: Capture web requests with Fiddler
Capture a browser trace for troubleshooting

Answer 1

Hi @Darshan

Thank you for reaching Microsoft Q&A Forum!

I understand that email claim is not being returned after a successful login. It might be issue with the email attribute is not being mapped correctly.
Go to the Microsoft Entra admin center and navigate to the Applications section-> Enterprise application Select the application that you have configured for SSO.

Click on the Single sign-on option in the left-hand menu.

Under the SAML Signing Certificate section, click on the Edit button for User Attributes & Claims.

Check if the email attribute is mapped correctly. The email attribute should be mapped to the user.mail attribute in Entra ID.

If the email attribute is mapped correctly, check the SAML token and see if the email attribute is present in the token. Also, review the detailed Audit logs and see if you find any insights on this issue. could you please collect the fiddler trace or browser capture and see the requesting is passing the right endpoint.

Share via

Issues Retrieving Claims Data After Azure AD SSO Configuration.

1 answer

Your answer