elerch/SAML2

Saml2 AttributeValues better be in multiple claims instead of a comma separated string

Closed this issue · 1 comments

SAML2/src/Owin.Security.Saml/SamlAttributeExtensions.cs is the related file. It will be better if we can have multiple claims instead of a comma-separated string in terms of reading the claims value. I believe that comma is actually a valid character in the SAML2 attribute specs. In the event that the original attribute value contains a comma, it will render the claim value to have an incorrect value.

It has been kind of suggested on StackOverflow to add multiple claims in case of having multiple attribute values: http://stackoverflow.com/questions/24849031/storing-a-list-of-string-in-claim-system-security-claims

I agree - I added a ToClaims extension method, deprecated the old ToClaim (which incidentally had a TODO for just this issue), and used the new ToClaims method internally when a ClaimsIdentity is generated. See fc41929
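
The ambiguity discussed in this issue, as an added example that is not the project's `ToClaims` code: it builds a constructed two-valued attribute both ways and shows that the joined form cannot be split back into the original values, while one claim per value can be matched exactly. The helper names `ToJoinedClaim` and `ToSeparateClaims`, the attribute name and the sample values are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class MultiValueClaimDemo
{
    // The approach the issue describes: every attribute value joined into one claim.
    // (Hypothetical helper, written for this example.)
    public static Claim ToJoinedClaim(string type, IEnumerable<string> values)
    {
        return new Claim(type, string.Join(",", values));
    }

    // One claim per attribute value, all sharing the same claim type.
    // (Hypothetical helper, written for this example.)
    public static IEnumerable<Claim> ToSeparateClaims(string type, IEnumerable<string> values)
    {
        return values.Select(v => new Claim(type, v));
    }

    public static void Main()
    {
        // Constructed sample: two attribute values, the first containing a comma.
        const string type = "urn:example:groups"; // hypothetical attribute name
        var values = new[] { "Ops, EMEA", "Auditors" };

        // Joined form: a consumer that splits on ',' gets a different value set
        // than the identity provider sent, including a bare "Ops" entry.
        var joined = ToJoinedClaim(type, values);
        var recovered = joined.Value.Split(',');
        Console.WriteLine("joined claim value : " + joined.Value);
        Console.WriteLine("values sent        : " + values.Length);
        Console.WriteLine("values after split : " + recovered.Length);
        Console.WriteLine("split yields 'Ops' : " + recovered.Contains("Ops"));

        // Separate claims: each value survives intact, so authorization checks
        // can compare against the exact value instead of parsing a string.
        var identity = new ClaimsIdentity(ToSeparateClaims(type, values), "Federation");
        var groups = identity.FindAll(type).Select(c => c.Value).ToList();
        Console.WriteLine("separate claims    : " + groups.Count);
        Console.WriteLine("has 'Ops, EMEA'    : " + identity.HasClaim(type, "Ops, EMEA"));
        Console.WriteLine("has 'Ops'          : " + identity.HasClaim(type, "Ops"));
    }
}
```

Code that consumes such claims should enumerate them with `FindAll` or test them with `HasClaim` rather than splitting a single claim's value.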