问题
As a service provider we are getting following claims from IDP (ADFS).
- http://kentor.se/AuthServices/LogoutNameIdentifier
- http://kentor.se/AuthServices/SessionIndex
In AuthServices codebase AuthServicesClaimTypes.ClaimTypeNamespace is set to http://kentor.se/AuthServices. Should this namespace reflect SP (https://mysite/AuthServices)?
Also, under identityProviders configuration section (web.config), I am not setting logoutUrl, but still I am getting LogoutNameIdentifier claim from Idp. We do not support single logout.
Any suggestion is highly appreciated.
Thank you.
回答1:
- No, they should not reflect the namespace of your SP. The claim names are is using http://kentor.se to ensure they cannot collide with something else.
- It's a missing feature/bug that those claims are added even though you haven't configured single logout.
来源:https://stackoverflow.com/questions/40163052/kentor-authservices-claimtypenamespace-for-sessionindex-and-logoutnameidentifie