I'm trying to set up authentication against ADFS using WS-Federation:

    // Cookie scheme holds the session; WS-Federation scheme handles the challenge/redirect to ADFS.
    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    })
    .AddWsFederation(options =>
    {
        // Wtrealm must match the relying party identifier configured on the ADFS server.
        options.Wtrealm = "https://localhost:44351/";
        // Federation metadata is used to discover the ADFS endpoints and signing keys.
        options.MetadataAddress = "https://xxx/federationmetadata/2007-06/federationmetadata.xml";
    })
    .AddCookie();
Six claims are returned, but I know that there are other claims which are not returned. For example, the nameidentifier claim
(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier).
How can I make ADFS return more claims?
As far as I know, you should set the ADFS server to return more claims instead of doing it at the client side.
You should have enough permission to manage your server and follow this article to modify the ADFS server to return more claims or custom claims.
For more details, you can refer to this article.
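As an added illustration of the server-side change the answer describes (this is not code from either post), the following PowerShell adds issuance transform rules to the relying party trust whose identifier matches the Wtrealm from the question, so ADFS issues the nameidentifier claim. It assumes the ADFS PowerShell module on the federation server, that the relying party trust for https://localhost:44351/ already exists, and that mapping the user's UPN to the name identifier is acceptable for this application (the LDAP attribute names and rule names are assumptions).

```powershell
# Added example (not from the original question or answer): make ADFS issue the
# nameidentifier claim for the relying party identified by the Wtrealm above.
# Assumptions: ADFS PowerShell module available, the relying party trust already
# exists, and the script runs as an ADFS administrator on the federation server.
Import-Module ADFS

$rpIdentifier = 'https://localhost:44351/'
$rp = Get-AdfsRelyingPartyTrust -Identifier $rpIdentifier
if (-not $rp) { throw "No relying party trust with identifier $rpIdentifier" }

# Rule 1 (LDAP claims template): fetch attributes from Active Directory, keyed on
# the Windows account name that the "AD AUTHORITY" issuer provides at sign-in.
$ldapRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send AD attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";userPrincipalName,mail;{0}", param = c.Value);
'@

# Rule 2 (transform template): map the UPN onto the nameidentifier claim type the
# question is missing. The format property is the one ADFS emits for this template.
$nameIdRule = @'
@RuleTemplate = "MapClaims"
@RuleName = "Map UPN to name identifier"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
'@

# Append to the rules already on the trust so existing claims keep being issued.
$rules = @($rp.IssuanceTransformRules, $ldapRule, $nameIdRule) -join "`n"
Set-AdfsRelyingPartyTrust -TargetIdentifier $rpIdentifier -IssuanceTransformRules $rules

# Check: the trust should now list both new rules alongside the originals.
(Get-AdfsRelyingPartyTrust -Identifier $rpIdentifier).IssuanceTransformRules
```

After the change, sign in again and inspect `User.Claims` in the application; only claim types that an issuance rule emits for this trust will appear, so any further claim (group membership, custom attributes) needs its own rule on the ADFS side.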