protected override ClaimsIdentity GetOutputClaimsIdentity(ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
{
if (null == principal)
{
throw new InvalidRequestException("The caller's principal is null.");
}
var userId = principal.Claims.First(claim => claim.Type == ClaimTypes.NameIdentifier).Value;
var user = AsyncRunner.RunNoSynchronizationContext(() => _userStore.FindByIdAsync(userId));
if (user == null)
{
_userStore.CreateAsync(new T {
Id = userId
});
user = AsyncRunner.RunNoSynchronizationContext(() => _userStore.FindByIdAsync(userId));
_userStore.AddLoginAsync(user, new UserLoginInfo(_loginProviderName, userId));
}
var callerIdentity = (ClaimsIdentity)principal.Identity;
var identity = callerIdentity.Clone();
var authenticationmethod = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod"; // this one triggers: The 'AuthenticationInstant' used to create a 'SAML11' AuthenticationStatement cannot be null. Thereforme it is removed.
foreach (var claim in identity.Claims.Where(claim => claim.Type == authenticationmethod))
{
identity.RemoveClaim(claim);
}
var claims = AsyncRunner.RunNoSynchronizationContext(() => (_userStore.GetClaimsAsync(user)));
identity.AddClaims(claims.Select(x => new Claim(x.Type, HttpUtility.UrlEncode(x.Value))));
// Append default namespace to avoid ID4216: The ClaimType '...' must be of format 'namespace'/'name'.
foreach (var claim in identity.Claims.ToList())
{
if (claim.Type.Contains("/"))
{
continue;
}
identity.RemoveClaim(claim);
identity.AddClaim(new Claim(Consts.DefaultClaimNamespace + claim.Type, claim.Value));
}
return(identity);
}
