Azure AAD No Claim Types

2
Hi All,

We are currently using the SAML module in our apps and have this configured to authenticate to our organization's ADFS. However, we are in a project to switch to Azure AD, so we want to reconfigure our SAML module to allow the AAD.

Our current process for apps is quite simple, as we simply configure the SAML module with the XML file we get from the ADFS. The claim types are retrieved from this XML. When we try to do the same with the XML from the AD, we notice that there are no Claim Types Requested (fed:ClaimsTypeRequested), only Claim Types Offered (fed:ClaimsTypeOffered), though in the ADFS XML we have both.

Is this typical in the AAD XML, that you do not get the ClaimsTypeRequested? How then do you add your claim types in your SAML configuration? Because now it cannot find any claim types. I have tried adding an attribute manually to the XML, but that does not get it into the application either. How come this list is empty for the XML?
asked
3 answers
0

Could you try with the option Use Name ID? With that option I got it to work. On the Azure side they can define what is put in there. So use something you have on your side to do the mapping.

Regards,

Ronald

 

answered
0

I recognize this issue, pretty sure I have run into exactly the same issue in the past.

I am pretty sure I was working on a modified SAML module anyway at the time so it was an easy fix to parse the claims ourselves and handle them as needed.

As the relevant standards (what are they even, I honestly don't know exactly) are quite complex I also have no idea if this is the result of a configuration error on the Azure side or a bug on the Mendix side. But since you are not the first to run into this it seems like you should be able to at least override the configuration manually on the Mendix side.

answered
0

Bob, did you solve this? We are experiencing the same problem with Azure AD. Using the metadata of our ADFS server on the same app works as expected. The ClaimsTypeRequested seems to be non-standard information according to Google.

We can see the claim types listed in the XML provided by Azure AD but the SAML module fails to load them. Made a ticket to support: #88011

answered
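
To see which claim lists a given federation metadata file actually carries before importing it, the following is an added example (not from any post above and not the Mendix SAML module's code). It reads the WS-Federation elements `fed:ClaimTypesOffered` and `fed:ClaimTypesRequested`; the sample metadata is constructed, and the helper names `claim_types` and `mapping_candidates`, as well as the fallback to the offered list, are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "auth": "http://docs.oasis-open.org/wsfed/authorization/200706"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
SECTIONS = {"offered": "fed:ClaimTypesOffered", "requested": "fed:ClaimTypesRequested"}

# Constructed sample: offers two claim types, requests none.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="https://idp.example.test/">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:ClaimTypesOffered>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <auth:DisplayName>Email</auth:DisplayName>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <auth:DisplayName>Name</auth:DisplayName>
      </auth:ClaimType>
    </fed:ClaimTypesOffered>
  </RoleDescriptor>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
</EntityDescriptor>"""

def claim_types(metadata_xml):
    """Return {"offered": [...], "requested": [...]} of (role type, claim URI, display name)."""
    if "<!DOCTYPE" in metadata_xml:
        # Metadata is external input: refuse DTDs so entity expansion cannot be abused.
        raise ValueError("DTD not allowed in federation metadata")
    root = ET.fromstring(metadata_xml)
    found = {key: [] for key in SECTIONS}
    for role in root.findall("md:RoleDescriptor", NS):
        for key, tag in SECTIONS.items():
            for claim in role.findall(f"{tag}/auth:ClaimType", NS):
                name = claim.findtext("auth:DisplayName", default="", namespaces=NS)
                found[key].append((role.get(XSI_TYPE, ""), claim.get("Uri"), name))
    return found

def mapping_candidates(found):
    """Claim URIs to show for attribute mapping: requested if present, else offered (assumed policy)."""
    source = found["requested"] or found["offered"]
    return [uri for _, uri, _ in source]

if __name__ == "__main__":
    print(mapping_candidates(claim_types(SAMPLE)))
```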