Disable the new WS-Federation claim mapping feature

OrchardCMS · Aug 4, 2023 · 8052bcf · 8052bcf
1 parent 22dacf6
commit 8052bcf
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/src/OrchardCore.Build/Dependencies.props b/src/OrchardCore.Build/Dependencies.props
@@ -46,8 +46,8 @@
     <PackageManagement Include="NJsonSchema" Version="10.9.0" />
     <PackageManagement Include="NLog.Web.AspNetCore" Version="5.3.2" />
     <PackageManagement Include="NodaTime" Version="3.1.9" />
-    <PackageManagement Include="OpenIddict.AspNetCore" Version="4.7.0-preview1.23371.26" />
-    <PackageManagement Include="OpenIddict.Core" Version="4.7.0-preview1.23371.26" />
+    <PackageManagement Include="OpenIddict.AspNetCore" Version="4.7.0-preview1.23377.63" />
+    <PackageManagement Include="OpenIddict.Core" Version="4.7.0-preview1.23377.63" />
     <PackageManagement Include="OrchardCore.Translations.All" Version="1.6.1" />
     <PackageManagement Include="PdfPig" Version="0.1.8" />
     <PackageManagement Include="Serilog.AspNetCore" Version="7.0.0" />

diff --git a/src/OrchardCore.Modules/OrchardCore.OpenId/Configuration/OpenIdClientConfiguration.cs b/src/OrchardCore.Modules/OrchardCore.OpenId/Configuration/OpenIdClientConfiguration.cs
@@ -117,6 +117,9 @@ public void Configure(OpenIddictClientOptions options)
 
             options.Registrations.Add(registration);
 
+            // Note: claims are mapped by CallbackController, so the built-in mapping feature is unnecessary.
+            options.DisableWebServicesFederationClaimMapping = true;
+
             // TODO: use proper encryption/signing credentials, similar to what's used for the server feature.
             options.EncryptionCredentials.Add(new EncryptingCredentials(new SymmetricSecurityKey(
                 RandomNumberGenerator.GetBytes(256 / 8)), SecurityAlgorithms.Aes256KW, SecurityAlgorithms.Aes256CbcHmacSha512));