Vista - Not Able to generate SamlAttribute using Custom Claim

Hi,

In my STS implementation I wanted to send a SAML token with custom
attribute to the clients. I read the article on MSDN
http://msdn2.microsoft.com/en-us/library/ms734687.aspx for guidance,
but when I tried to use that approach I got an error - "This
SamlAttribute constructor requires that the resource of the claim is
of type 'string'. The only difference in my case and the example
mentioned in above link is that I have used Serializable Attribute
instead of DataContract.



The type is defined as -



[Serializable]

[XmlTypeAttribute(Namespace = "http://ns.qberi.com/v1.0/
SecurityTypes/")]

[XmlRootAttribute(Namespace = "http://ns.qberi.com/v1.0/
SecurityTypes/", IsNullable = false)]

public partial class ForAgentsUserSecurityContext

{

....

}



Here is the code that creates a claim for above resource type.



protected override Collection<SamlAttribute>
GetIssuedClaims(RequestSecurityToken requestSecurityToken)

{

Collection<SamlAttribute> col = new Collection<SamlAttribute>();

Claim claim = new Claim("http://ns.qberi.com/v1.0/SecurityTypes/",
GetForAgentsUserSecurityContext(), Rights.PossessProperty);

SamlAttribute forAgentsUserSecurityContext = new SamlAttribute(claim);

col.Add(forAgentsUserSecurityContext);

return col;

}



The method GetForAgentsUserSecurityContext() in above code returns an
object of type ForAgentsUserSecurityContext.



The error message is - "This SamlAttribute constructor requires
that the resource of the claim is of type 'string'.".



Thanks,

It means that you've created a Claim but assigned it's Resource a
value that is not of type string - it must be a string for the SAML
token to include it.

Forgot to add,,,you cant set an object as the resource if you want to
send it in SAML...you might want to define one claim type per public
property of this object and make sure to call <property>.ToString()
when u assign to claim resource,

On Sep 7, 7:10 pm, Priya <priya.marw...@xxxxxx> wrote:Forgot to add,,,you cant set an object as the resource if you want to
send it in SAML...you might want to define one claim type per public
property of this object and make sure to call <property>.ToString()
when u assign to claim resource,

On Sep 7, 9:19 am, Priya <priya.marwaha@xxxxxx> wrote:Priya,
Thanks for the response.

This seems like limitation of .net implmentation of SAML to me. I was
trying SAML assertion to look something like this which is perfectly
valid with SAML 1.1 profile.

<saml:Attribute
AttributeName="ForAgentsSecurityContext" AttributeNamespace="http://
ns.wush.com/v1.0/Agency/">
<saml:AttributeValue Format="xsi:ForAgentsSecurityContext">
<Roles>
<Role>Underwriter</Role>
</Roles>
<LegalAgenciesIds>
<AgencyId>123456</AgencyId>
<AgencyId>123457</AgencyId>
<AgencyId>123458</AgencyId>
</LegalAgencies>
<AgencyAccountIds>
<AcountId>4578</AcountId>
<AcountId>4589</AcountId>
<AcountId>4583</AcountId>
</AgencyAccountIds>
<AgencyStateCodes>
<StateCode>WI</AgencyAcountId>
<StateCode >IL</StateCode>
<StateCode >MN</StateCode>
</AgencyStateCodes>
</saml:AttributeValue>
</saml:Attribute>

Thanks,

Probably....but for now you would pretty much need to define a single
claim per attribute and make sure you convert it to string before
attaching to SAML token.

On Sep 11, 2:36 am, Gaurav <gaurav.vijaywar...@xxxxxx> wrote: