/// <summary>
/// Handles the WS-Federation "security token validated" notification: reads the
/// provider claims from the authenticated identity, adds the ShowReservations
/// claim, maps claims to roles and saves the user's identity attributes.
/// </summary>
/// <param name="notification">Notification carrying the authentication ticket whose identity is enriched.</param>
/// <param name="logger">Logger used for the informational messages written here.</param>
/// <param name="orchestrator">Used to save the identity attributes (UPN, UKPRN, display name, email).</param>
/// <param name="accountOrchestrator">Used to ask whether the provider has the CreateCohort permission.</param>
/// <returns>A task that completes when the identity has been enriched and saved, or as soon as the UKPRN claim fails to parse.</returns>
private async Task SecurityTokenValidated(
    SecurityTokenValidatedNotification<WsFederationMessage, WsFederationAuthenticationOptions> notification,
    IProviderCommitmentsLogger logger,
    AuthenticationOrchestrator orchestrator,
    AccountOrchestrator accountOrchestrator)
{
    logger.Info("SecurityTokenValidated notification called");

    var identity = notification.AuthenticationTicket.Identity;

    // Each lookup yields the value of the first claim of that type, or null when the
    // identity carries no such claim.
    var upn = identity.Claims
        .Where(c => c.Type == DasClaimTypes.Upn)
        .Select(c => c.Value)
        .FirstOrDefault();
    var name = identity.Claims
        .Where(c => c.Type == DasClaimTypes.DisplayName)
        .Select(c => c.Value)
        .FirstOrDefault();
    var rawUkprn = identity.Claims
        .Where(c => c.Type == DasClaimTypes.Ukprn)
        .Select(c => c.Value)
        .FirstOrDefault();
    var emailAddress = identity.Claims
        .Where(c => c.Type == DasClaimTypes.Email)
        .Select(c => c.Value)
        .FirstOrDefault();

    long providerId;
    var ukprnIsNumeric = long.TryParse(rawUkprn, out providerId);
    if (!ukprnIsNumeric)
    {
        // NOTE(review): this path returns with the authentication ticket untouched, so
        // the sign-in presumably still completes, but without the ShowReservations claim,
        // without MapClaimToRoles and without saved attributes. Confirm that downstream
        // authorization denies an identity that has no usable UKPRN.
        // NOTE(review): the raw UKPRN and UPN claim values are written to the log as
        // received; confirm the log sink neutralises control characters and that
        // recording the UPN is acceptable under the data-handling policy.
        logger.Info($"Unable to parse Ukprn \"{rawUkprn}\" from claims for user \"{upn}\"");
        return;
    }

    // The permission result is stored on the identity as a claim with value type "bool".
    var canCreateCohort = await accountOrchestrator.ProviderHasPermission(providerId, Operation.CreateCohort);
    var reservationsClaim = new Claim(DasClaimTypes.ShowReservations, canCreateCohort.ToString(), "bool");
    identity.AddClaim(reservationsClaim);

    identity.MapClaimToRoles();

    // NOTE(review): upn, name and emailAddress are null when the matching claim is
    // absent and are passed on as-is; verify SaveIdentityAttributes handles null.
    await orchestrator.SaveIdentityAttributes(upn, providerId, name, emailAddress);
}