
Abp.AspNetZeroCore.Web 4.0.0 Azure Single Sign On - Name claim is missing Error #11023


enerjisauretim created

We are using the latest Aspnetzero version (v11.1.0), and this version depends on Abp.AspNetZeroCore.Web 4.0.0. Azure SSO throws a "No claim is missing" error in Abp.AspNetZeroCore.Web version 4.0.0.

If I downgrade to Abp.AspNetZeroCore.Web 3.0.0, it works.

Since the code is obfuscated in versions above 4.0.0, I cannot see the details. Have you figured out this error before?


11 Answer(s)
  • maharatha created

    I am having the same issue with Okta and someone else is also having the same issue:

    I think the above error message is "name claim is missing"

    Link Here

  • ismcagdas created
    Support Team

    Hi @enerjisauretim

    Could it be "name claim is missing", as @maharatha suggested? Or do you use a claim named No in your app? Abp.AspNetZeroCore.Web doesn't use such a claim.

    Thanks,

  • maharatha created

    @ismcagdas, any solution to my problem of the missing claim? The token clearly has the name claim in it.

  • enerjisauretim created

    We are using ClaimsMapping.

    "ClaimsMapping": [
        {
            "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
            "key": "http://schemas.microsoft.com/identity/claims/objectidentifier"
        },
        {
            "claim": "unique_name",
            "key": "preferred_username"
        }
    ]
    }

    However, with these claim mappings 3.0.0 works, but 4.0.0 also throws a "Name claim is missing" error.

  • maharatha created

    @ismcagdas, we need a solution for this, as it's kind of a showstopper for us.

  • ismcagdas created
    Support Team

    Hi,

    Could you try this?

    {
        "claim": "name",
        "key": "http://schemas.microsoft.com/identity/claims/objectidentifier"
    },
    
  • maharatha created

    Tried it; it didn't work. Please note the same token works on our previous versions of ANZ.

    Below is the payload in the token:

    {
        "sub": "xxxxxxx",
        "name": "abc def",
        "locale": "cc",
        "ver": 1,
        "iss": "https://xys-dev.okta.com/oauth2/ausa4encmPghJQMuN356",
        "aud": "0oa99tynzwx1ZXFJh357",
        "iat": 1649879201,
        "exp": 1649882801,
        "jti": "ID.SfWV1w9rd7vXQiNUdfgUX3bJ7Jr5YsPuqYiL-vKcs",
        "amr": [ "pwd" ],
        "idp": "0oaabbuk8OMuWHMsk356",
        "nonce": "LUlaSVdnc2pSV2k4cVhDYlhxZ053anVOSZVYeG9RMDZOSGpqeFUwNkgwbFpU",
        "preferred_username": "[email protected]",
        "given_name": "abc",
        "family_name": "def",
        "zoneinfo": "cccccs",
        "updated_at": 1644261243,
        "auth_time": 1649879200
    }

  • ismcagdas created
    Support Team

    Hi @maharatha

    Could you call the code block below in your ExternalAuthenticate method, right before var externalUser = await GetExternalUserInfo(model);, and share the list of claims in validatedTokenResult.Principal.Claims?

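    // Namespaces needed: Microsoft.IdentityModel.Protocols and
    // Microsoft.IdentityModel.Protocols.OpenIdConnect.
    var issuer = "-----------------"; // Use value from appsettings.json OpenID Authority.
    if (string.IsNullOrEmpty(issuer))
    {
        throw new ApplicationException("Authentication:OpenId:Issuer configuration is required.");
    }
    
    // Load the provider's OpenID Connect metadata from its discovery document.
    var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
        issuer.EnsureEndsWith('/') + ".well-known/openid-configuration",
        new OpenIdConnectConfigurationRetriever(),
        new HttpDocumentRetriever());
    
    // Validate the token; the claims to share are in validatedTokenResult.Principal.Claims.
    var validatedTokenResult = await ValidateToken(token, issuer, configurationManager);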
    
  • JeffMH created

    { "claim": "name", "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" },

    I added that as a claims mapping to fix the issue on my side.

  • ismcagdas created
    Support Team

    Thanks @jeffmh :)

  • maharatha created

    Thank you @jeffmh, it worked.