I've been trying to get Single Sign On working with a product and we are using ADFS 2.0 as our Identity Provider.
All negotiation is happening correctly; the problem is that when they receive the SAML response from ADFS 2.0, they reject the response because they can't find the attributes. They say it is because the AttributeStatement is being sent in a wrong format (SAML:1.1). Here is what ADFS is sending:
<AttributeStatement>
<Attribute Name="EmailAddress">
<AttributeValue>vah.piotrzak@gmail.com</AttributeValue>
</Attribute>
<Attribute Name="FullName">
<AttributeValue>Vah Piotrzak</AttributeValue>
</Attribute>
<Attribute Name="LSWRole">
<AttributeValue>agent</AttributeValue>
</Attribute>
</AttributeStatement>
They are expecting a "SAML:2.0" format:
<saml:AttributeStatement>
<saml:Attribute Name="FullName">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">David Parish</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="LSWRole">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">supervisor</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="EmailAddress">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">david.parish@socialdynamx.com</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
Is there a way to force ADFS to send the AttributeStatement in the format shown above?
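
Added example (not part of the original post): a namespace-aware comparison of the two AttributeStatement shapes quoted above, reporting what actually differs once prefixes are resolved. The sample XML is constructed from the post's fragments; the `xmlns` declaration on the unprefixed form is an assumption about the enclosing assertion, and `describe` and `diff` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed samples modelled on the post. Assumption: the unprefixed form
# inherits SAML 2.0 as its default namespace from the enclosing element.
ADFS_STYLE = f"""<AttributeStatement xmlns="{SAML2}">
  <Attribute Name="EmailAddress"><AttributeValue>user@example.com</AttributeValue></Attribute>
  <Attribute Name="LSWRole"><AttributeValue>agent</AttributeValue></Attribute>
</AttributeStatement>"""

EXPECTED_STYLE = f"""<saml:AttributeStatement xmlns:saml="{SAML2}">
  <saml:Attribute Name="EmailAddress">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="{XSI}" xsi:type="xs:string">user@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="LSWRole">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="{XSI}" xsi:type="xs:string">agent</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def split(tag):
    """Split ElementTree's '{uri}local' tag into (uri, local)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def describe(xml_text):
    """Map each Attribute Name to (namespace URI, xsi:type list, values)."""
    # Inputs here are trusted constants; use a hardened parser for live responses.
    out = {}
    for el in ET.fromstring(xml_text).iter():
        ns, local = split(el.tag)
        if local != "Attribute":
            continue
        vals = [v for v in el if split(v.tag)[1] == "AttributeValue"]
        types = sorted({t for v in vals if (t := v.get(f"{{{XSI}}}type"))})
        out[el.get("Name")] = (ns, types, [(v.text or "").strip() for v in vals])
    return out

def diff(a, b):
    """List per-attribute differences that remain after prefix resolution."""
    da, db, report = describe(a), describe(b), []
    for name in sorted(set(da) | set(db)):
        if name not in da or name not in db:
            report.append(f"{name}: present on one side only")
            continue
        for label, x, y in zip(("namespace", "xsi:type", "values"), da[name], db[name]):
            if x != y:
                report.append(f"{name}: {label} {x!r} != {y!r}")
    return report
```

Running `diff` on a captured response against the consumer's documented sample shows whether the mismatch is the element namespace or only the missing `xsi:type`, since the `saml:` prefix itself carries no meaning to a namespace-aware parser.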