Channel: Azure Active Directory forum
Azure AD B2C SAML IdP: how to include sessionIndex in the OAuth2 JWT

I have integrated a SAML2 IdP with Azure AD B2C. I am able to perform OAuth2 authentication and obtain an id_token and access_token successfully.

I have a requirement to extract the SSO sessionIndex or session ID from the SAML assertion into the id_token/access_token. I noticed sessionIndex/ID are not coming as a `<saml:Attribute>`, but they are available under `<saml:AuthnStatement>`:

<saml:AuthnStatement AuthnInstant="2018-10-30T18:28:42Z"
    SessionIndex="A659D5A1B123456BA0EA744B80CB1AFA2EB6BBD14"
    SessionNotOnOrAfter="2018-10-31T02:30:42Z">
  <saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
  </saml:AuthnContext>
</saml:AuthnStatement>

Here are my custom policy settings:

<ClaimsProvider>
  <Domain>samlIdp</Domain>
  <DisplayName>samlIdp</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="samlIdpProfile">
      <DisplayName>samlIdpProfile</DisplayName>
      <Description>Login with your account</Description>
      <Protocol Name="SAML2" />
      <Metadata>
        <Item Key="RequestsSigned">false</Item>
        <Item Key="WantsEncryptedAssertions">false</Item>
        <Item Key="WantsSignedAssertions">false</Item>
        <Item Key="PartnerEntity">https://samlIdp.com/.well-known/samlidp.xml</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SAMLSigningCert" />
        <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SAMLSigningCert" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="userId" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="username" />
        <!-- newly added claims -->
        <OutputClaim ClaimTypeReferenceId="sessionId" DefaultValue="na" PartnerClaimType="ID" />
        <OutputClaim ClaimTypeReferenceId="sessionIndex" DefaultValue="na" PartnerClaimType="sessionIndex" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <!--<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" /> -->
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

I need to get this sessionIndex as part of my OAuth2 JWT. Any help would be appreciated.
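An added example, not from the post and not Azure AD B2C code: a Python sketch of what a relying party should do with the AuthnStatement values shown above once they reach it, extracting SessionIndex and making sure a token derived from the IdP session never outlives SessionNotOnOrAfter. The sample assertion (the post's AuthnStatement wrapped in a minimal Assertion) and the claim names sid, auth_time and acr are my assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AuthnStatement from the post, wrapped so the saml: prefix is declared.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2018-10-30T18:28:42Z"
      SessionIndex="A659D5A1B123456BA0EA744B80CB1AFA2EB6BBD14"
      SessionNotOnOrAfter="2018-10-31T02:30:42Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def parse_saml_time(value):
    """SAML timestamps are xs:dateTime in UTC, e.g. 2018-10-31T02:30:42Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def extract_session_info(assertion_xml):
    """Pull SessionIndex, the timestamps and AuthnContextClassRef out of AuthnStatement."""
    root = ET.fromstring(assertion_xml)
    stmt = root.find("saml:AuthnStatement", SAML_NS)
    if stmt is None or not stmt.get("SessionIndex"):
        raise ValueError("assertion has no AuthnStatement with a SessionIndex")
    ctx = stmt.find("saml:AuthnContext/saml:AuthnContextClassRef", SAML_NS)
    not_after = stmt.get("SessionNotOnOrAfter")
    return {
        "session_index": stmt.get("SessionIndex"),
        "authn_instant": parse_saml_time(stmt.get("AuthnInstant")),
        "session_not_on_or_after": parse_saml_time(not_after) if not_after else None,
        "authn_context": ctx.text if ctx is not None else None,
    }


def build_session_claims(assertion_xml, now_iso, token_lifetime_seconds):
    """Derive JWT claims from the IdP session (hypothetical claim names sid/auth_time/acr)."""
    info = extract_session_info(assertion_xml)
    now = parse_saml_time(now_iso)
    limit = info["session_not_on_or_after"]
    if limit is not None and now >= limit:
        raise ValueError("IdP session already expired; require re-authentication, do not mint a token")
    exp = now + timedelta(seconds=token_lifetime_seconds)
    if limit is not None and exp > limit:
        exp = limit  # cap the token lifetime at the IdP's SessionNotOnOrAfter
    return {"sid": info["session_index"], "auth_time": int(info["authn_instant"].timestamp()),
            "acr": info["authn_context"], "exp": int(exp.timestamp())}
```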
