When Identify receives an assertion from an upstream IdP, it converts the assertion into a ClaimsPrincipal object and passes it into the claim pipeline. By default, the claims principal doesn’t contain the original assertion, which is also called the bootstrap token. To make the bootstrap token available in the claim pipeline, follow the two steps below:
- Open the SAML 2.0 Authentication Connection of the upstream IdP.
- Check the “Set bootstrap token for ClaimsPrincipal” check box.