How to set up the OIOSAML 3.0 NameID format
Question: How can I use the Scripting claims transformation to issue a NameID?
Answer: You can use the built-in IssueNameId method of the Scripting claims transformation to issue a NameID. The example below uses an email claim as the NameID value.
Example:
const string spName = "";
var nameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
var email = GetClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
IssueNameId(email, nameIDFormat, spName);
Question: How can I use the Scripting claims transformation to issue a transient NameID that meets OIOSAML 3.0's requirement?
Answer: You can generate a random GUID to use as the NameID value and pass it to the IssueTransientNameId method.
Example:
const string spName = "";
const string nameIDTemplate = "https://data.gov.dk/model/core/eid/person/uuid/{0}";
// A fresh GUID on every login keeps the identifier transient, i.e. not linkable across sessions.
var nameIDValue = string.Format(nameIDTemplate, Guid.NewGuid().ToString());
// The transient format is implied by the method, so only the value and the SP name are passed.
IssueTransientNameId(nameIDValue, spName);
Question: If I log in via an upstream Identity Provider and it returns a NameID, how can I pass that NameID to my Service Provider as-is?
Answer: One option is the NameID claims transformation. You can also use the Scripting claims transformation, as in the example below.
Example:
// constants
const string spName = "";
// get value and format from identity provider
string nameIDValue = GetNameIdFromIdentityProvider();
string nameIDFormat = GetNameIdFormatFromIdentityProvider();
// nameIDValue and nameIDFormat are assumed to be present. string.Equals is null-safe, but add further checks if the upstream IdP may omit either of them.
if (string.Equals(nameIDFormat, Safewhere.IdentityProviderModel.Tokens.Saml2Constants.NameIdentifierFormats.Transient.OriginalString, StringComparison.OrdinalIgnoreCase))
{
IssueTransientNameId(nameIDValue, spName);
}
else
{
IssueNameId(nameIDValue, nameIDFormat, spName);
}
Question: When I log in using either an upstream IdP or a Username & Password connection that has the NameID value stored in a claim, how can I use the Scripting claims transformation to issue a NameID?
Answer: You can use the GetClaim method to read the stored value and then pass it to one of the Issue methods described above.
Example:
var claimValue = GetClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");
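As an added example that is not part of the Safewhere documentation, the script below combines the transient-NameID answer with the stored-claim answer: it reads the NameID stored in the nameidentifier claim, issues it only when it has the expected OIOSAML 3.0 person UUID shape, and otherwise mints a fresh transient NameID so that an unexpected stored value is never forwarded to the Service Provider. The persistent format URN and the UUID regex are assumptions chosen for illustration; GetClaim, IssueNameId and IssueTransientNameId are the host methods used elsewhere on this page.

```csharp
// Added example (hypothetical): validate a stored NameID before issuing it,
// fall back to a transient NameID otherwise.
const string spName = "";
const string nameIDTemplate = "https://data.gov.dk/model/core/eid/person/uuid/{0}";
// Assumption: stored values are issued with the SAML 2.0 persistent format.
const string persistentFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";

// Expected shape of a stored value: the data.gov.dk person prefix followed by a UUID.
// This pattern is part of the example, not a pattern supplied by OIOSAML or Safewhere.
var storedPattern = new System.Text.RegularExpressions.Regex(
    @"^https://data\.gov\.dk/model/core/eid/person/uuid/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
    System.Text.RegularExpressions.RegexOptions.IgnoreCase);

string storedValue = GetClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");

if (!string.IsNullOrWhiteSpace(storedValue) && storedPattern.IsMatch(storedValue))
{
    // The stored value has the expected shape: issue it unchanged as a persistent NameID.
    IssueNameId(storedValue, persistentFormat, spName);
}
else
{
    // Missing or malformed: do not forward it. Mint a fresh transient identifier instead,
    // exactly as in the transient-NameID example above.
    var nameIDValue = string.Format(nameIDTemplate, Guid.NewGuid().ToString());
    IssueTransientNameId(nameIDValue, spName);
}
```

Because the regex is case-insensitive and anchored at both ends, a value with extra characters before or after the UUID falls through to the transient branch rather than being issued with the persistent format.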