Abp.AspNetZeroCore.Web 4.0.0 Azure Single Sign On - Name claim is missing Error #11023

enerjisauretim created 2 years ago

We are using Aspnetzero last version (v11.1.0) and this version is dependent on Abp.AspNetZeroCore.Web 4.0.0. Azure SSO throws "No claim is missing" error in Abp.AspNetZeroCore.Web 4.0.0 version.

If I downgrade Abp.AspNetZeroCore.Web 3.0.0 it's working.

Since the codes are obfuscated in versions above 4.0.0, I cannot see the details. Have you figure out this error before?

11 Answer(s)

0

maharatha created 2 years ago

I am having the same issue with Okta and someone else is also having the same issue:

I think the above error message is "name claim is missing"

Link Here
0

ismcagdas created 2 years ago
Support Team

Hi @enerjisauretim

Could it be "name claim is missing" as @maharatha suggested ? Or, do you use a claim named No on your app because Abp.AspNetZeroCore.Web doesn't use such a claim.

Thanks,
0

maharatha created 2 years ago

@ismcagdas any solution to my problem of the missing claim. The token clearly has the name claim in it.
0

enerjisauretim created 2 years ago

We are using ClaimsMapping.

"ClaimsMapping": [ { "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "key": "http://schemas.microsoft.com/identity/claims/objectidentifier" }, { "claim" : "unique_name", "key": "preferred_username" } ] }

However to this Claim mappings 3.0.0 works but 4.0.0 also throws "Name claim is missing" an error.
0

maharatha created 2 years ago

@ismcagdas we need a solution for this , as it's kind of show stopper for us.

ismcagdas created 2 years ago

Support Team

Hi,

Could you try this ?

{
    "claim": "name",
    "key": "http://schemas.microsoft.com/identity/claims/objectidentifier"
},

0

maharatha created 2 years ago

Tried it didn't work. Please note the same token works on our previous versions of ANZ.

Below is the payload in the token :

{ "sub": "xxxxxxx", "name": "abc def", "locale": "cc", "ver": 1, "iss": "https://xys-dev.okta.com/oauth2/ausa4encmPghJQMuN356", "aud": "0oa99tynzwx1ZXFJh357", "iat": 1649879201, "exp": 1649882801, "jti": "ID.SfWV1w9rd7vXQiNUdfgUX3bJ7Jr5YsPuqYiL-vKcs", "amr": [ "pwd" ], "idp": "0oaabbuk8OMuWHMsk356", "nonce": "LUlaSVdnc2pSV2k4cVhDYlhxZ053anVOSZVYeG9RMDZOSGpqeFUwNkgwbFpU", "preferred_username": "[email protected]", "given_name": "abc", "family_name": "def", "zoneinfo": "cccccs", "updated_at": 1644261243, "auth_time": 1649879200 }

ismcagdas created 2 years ago

Support Team

Hi @maharatha

Could you call code block below in your ExternalAuthenticate method right before var externalUser = await GetExternalUserInfo(model); and share the list of claims in validatedTokenResult.Principal.Claims ?

var issuer = "-----------------"; // Use value from appsettings.json OpenID Authority.
if (string.IsNullOrEmpty(issuer))
{
	throw new ApplicationException("Authentication:OpenId:Issuer configuration is required.");
}

var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
	issuer.EnsureEndsWith('/') + ".well-known/openid-configuration",
	new OpenIdConnectConfigurationRetriever(),
	new HttpDocumentRetriever());

var validatedTokenResult = await ValidateToken(token, issuer, configurationManager);

0

JeffMH created 2 years ago

{ "claim": "name", "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" },

I added that as a claims mapping to fix the issue on my side.
0

ismcagdas created 2 years ago
Support Team

Thanks @jeffmh :)
0

maharatha created 2 years ago

Thank You @jeffmh, it worked

Have an answer to this question? Log in and write your answer.