Support NameID without a Format.

Saml2AuthnResponse do not add "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" as default NameID Format.

Author: Revsgaard

src/ITfoxtec.Identity.Saml2.Mvc/ITfoxtec.Identity.Saml2.Mvc.csproj

@@ -14,10 +14,10 @@
     <PackageTags>SAML SAML 2.0 SAML2.0 SAML2 SAML 2 SAML-P SAMLP SSO Identity Provider (IdP) and Relying Party (RP) Authentication Metadata OIOSAML NemLog-in ASP.NET MVC</PackageTags>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageIconUrl>https://itfoxtec.com/favicon.ico</PackageIconUrl>
-    <AssemblyVersion>4.2.0.0</AssemblyVersion>
-    <FileVersion>4.2.0.0</FileVersion>
+    <AssemblyVersion>4.3.0.0</AssemblyVersion>
+    <FileVersion>4.3.0.0</FileVersion>
     <Copyright>Copyright © 2021</Copyright>
-    <Version>4.2.0</Version>
+    <Version>4.3.0</Version>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>ITfoxtec.SAML2.snk</AssemblyOriginatorKeyFile>
     <DelaySign>false</DelaySign>

src/ITfoxtec.Identity.Saml2.MvcCore/ITfoxtec.Identity.Saml2.MvcCore.csproj

@@ -16,10 +16,10 @@
     <PackageTags>SAML SAML 2.0 SAML2.0 SAML2 SAML 2 SAML-P SAMLP SSO Identity Provider (IdP) Relying Party (RP) Authentication Metadata OIOSAML NemLog-in ASP.NET MVC Core</PackageTags>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageIconUrl>https://itfoxtec.com/favicon.ico</PackageIconUrl>
-    <AssemblyVersion>4.2.0.0</AssemblyVersion>
-    <FileVersion>4.2.0.0</FileVersion>
+    <AssemblyVersion>4.3.0.0</AssemblyVersion>
+    <FileVersion>4.3.0.0</FileVersion>
     <Copyright>Copyright © 2021</Copyright>
-    <Version>4.2.0</Version>
+    <Version>4.3.0</Version>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>ITfoxtec.SAML2.snk</AssemblyOriginatorKeyFile>
     <DelaySign>false</DelaySign>

src/ITfoxtec.Identity.Saml2/ITfoxtec.Identity.Saml2.csproj

@@ -23,10 +23,10 @@ Tested for compliance with AD FS, Azure AD and Azure AD B2C. Furthermore, the Da
     <PackageTags>SAML SAML 2.0 SAML2.0 SAML2 SAML 2 SAML-P SAMLP SSO Identity Provider (IdP) Relying Party (RP) Authentication Metadata OIOSAML NemLog-in</PackageTags>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageIconUrl>https://itfoxtec.com/favicon.ico</PackageIconUrl>
-    <AssemblyVersion>4.2.0.0</AssemblyVersion>
-    <FileVersion>4.2.0.0</FileVersion>
+    <AssemblyVersion>4.3.0.0</AssemblyVersion>
+    <FileVersion>4.3.0.0</FileVersion>
     <Copyright>Copyright © 2021</Copyright>
-    <Version>4.2.0</Version>
+    <Version>4.3.0</Version>
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>ITfoxtec.SAML2.snk</AssemblyOriginatorKeyFile>
     <DelaySign>false</DelaySign>

src/ITfoxtec.Identity.Saml2/Request/Saml2AuthnResponse.cs

@@ -184,10 +184,6 @@ private void AddNameIdFormat()
             if (NameId == null) throw new ArgumentNullException("NameId property");
 
             Saml2SecurityToken.Assertion.Subject.NameId = NameId;
-            if (Saml2SecurityToken.Assertion.Subject.NameId.Format == null)
-            {
-                Saml2SecurityToken.Assertion.Subject.NameId.Format = Schemas.NameIdentifierFormats.Persistent;
-            }
         }
 
         private void AddSubjectConfirmation(Saml2SubjectConfirmation subjectConfirmation)

src/ITfoxtec.Identity.Saml2/Request/Saml2LogoutRequest.cs

@@ -48,7 +48,16 @@ public Saml2LogoutRequest(Saml2Configuration config, ClaimsPrincipal currentPrin
             var identity = currentPrincipal.Identities.First();
             if (identity.IsAuthenticated)
             {
-                NameId = new Saml2NameIdentifier(ReadClaimValue(identity, Saml2ClaimTypes.NameId), new Uri(ReadClaimValue(identity, Saml2ClaimTypes.NameIdFormat, false)));
+                var nameIdFormat = ReadClaimValue(identity, Saml2ClaimTypes.NameIdFormat, false);
+                if (string.IsNullOrEmpty(nameIdFormat)) 
+                {
+                    NameId = new Saml2NameIdentifier(ReadClaimValue(identity, Saml2ClaimTypes.NameId));
+                }
+                else
+                {
+                    NameId = new Saml2NameIdentifier(ReadClaimValue(identity, Saml2ClaimTypes.NameId), new Uri(nameIdFormat));
+
+                }
                 SessionIndex = ReadClaimValue(identity, Saml2ClaimTypes.SessionIndex, false);
             }           
         }

test/TestIdPCore/Controllers/AuthController.cs

@@ -109,6 +109,7 @@ private IActionResult LoginResponse(Saml2Id inResponseTo, Saml2StatusCodes statu
 
                 var claimsIdentity = new ClaimsIdentity(claims);
                 saml2AuthnResponse.NameId = new Saml2NameIdentifier(claimsIdentity.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier).Select(c => c.Value).Single(), NameIdentifierFormats.Persistent);
+                //saml2AuthnResponse.NameId = new Saml2NameIdentifier(claimsIdentity.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier).Select(c => c.Value).Single());
                 saml2AuthnResponse.ClaimsIdentity = claimsIdentity;
 
                 var token = saml2AuthnResponse.CreateSecurityToken(relyingParty.Issuer, subjectConfirmationLifetime: 5, issuedTokenLifetime: 60);