ITfoxtec.Identity.Saml2 Saml2LogoutRequest - NameQualifier and SPNameQualifier come up empty


I'm using ITfoxtec.Identity.Saml2 to process Logout Request. With this bit of code I'm expecting to retrieve these three NameId elements from the incoming request:

Saml2LogoutRequest logoutRequest = new Saml2LogoutRequest(config);
var binding = new Saml2PostBinding();
// Decode the POSTed SAMLRequest and populate logoutRequest from it
binding.ReadSamlRequest(Request.ToGenericHttpRequest(), logoutRequest);

// The three NameID pieces I expect to get back from the parsed request
string spNameQualifier = logoutRequest.NameId.SPNameQualifier;
string nameQualifier = logoutRequest.NameId.NameQualifier;
string nameIdValue = logoutRequest.NameId.Value;

I'm struggling to figure out why I'm getting empty spNameQualifier and nameQualifier while nameIdValue and Format contain the correct value.

[screenshot from debugger]

This is what the request looks like, and I guess that all the data should be coming from the saml2:NameID element:

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:LogoutRequest Destination="{value}" ID="{value}" IssueInstant="{value}" NotOnOrAfter="{value}" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">{value}</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="{value}">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>{value}</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>{value}</ds:SignatureValue>
    </ds:Signature>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="{expectedNameQualifier}" SPNameQualifier="{expectedSPNameQualifier}" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">{expectedAndReceivedValue}</saml2:NameID>
    <saml2p:SessionIndex>{value}</saml2p:SessionIndex>
</saml2p:LogoutRequest>

What am I missing and why won't the two properties parse properly?

With ITfoxtec.Identity.Saml2 I'm trying to get data from the Logout Request to do some manual handling. I'm getting empty NameId elements (spNameQualifier and nameQualifier) while nameIdValue and Format contain the correct values.

1 answer

Anders Revsgaard (best answer):

I'm afraid that the code in ITfoxtec Identity Saml2 only reads the NameID, with or without a format. The SPNameQualifier and NameQualifier properties are not read.

Feel free to make a pull request to add in code to read the SPNameQualifier and NameQualifier properties and I'll release the functionality.
The git repository is https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2

*** EDITED ***

ITfoxtec Identity Saml2 has support for SPNameQualifier and NameQualifier in version 4.10.9-beta1.
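As an added example (not ITfoxtec's code, not from the answer above), this is how the two attributes can be read straight from the LogoutRequest XML while on a library version that does not populate them. It assumes you pass in the request XML after ReadSamlRequest has validated its signature (the `XmlDocument` property name used in the comment is an assumption), and that `idpEntityId` and `spEntityId` come from your own configuration.

```csharp
using System;
using System.Xml.Linq;

// Added example, not ITfoxtec.Identity.Saml2 code: read the NameID attributes straight
// from the LogoutRequest XML while on a library version that does not populate them.
public static class LogoutRequestNameId
{
    static readonly XNamespace Saml2P = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml2 = "urn:oasis:names:tc:SAML:2.0:assertion";

    public record NameIdInfo(string Value, string Format, string NameQualifier, string SPNameQualifier);

    // Input: the decoded request XML after ReadSamlRequest has validated the signature,
    // e.g. logoutRequest.XmlDocument.OuterXml (property name assumed for this example).
    // Do not parse the raw POST body before that step; an unverified document is untrusted.
    public static NameIdInfo Read(string logoutRequestXml)
    {
        var root = XDocument.Parse(logoutRequestXml).Root;
        if (root == null || root.Name != Saml2P + "LogoutRequest")
            throw new InvalidOperationException("Not a saml2p:LogoutRequest document.");

        // Only a direct saml2:NameID child of the root counts; ignore anything nested deeper.
        var nameId = root.Element(Saml2 + "NameID");
        if (nameId == null)
            throw new InvalidOperationException("LogoutRequest has no saml2:NameID child.");

        // (string)XAttribute yields null when the attribute is absent, which SAML allows.
        return new NameIdInfo(
            Value: nameId.Value.Trim(),
            Format: (string)nameId.Attribute("Format"),
            NameQualifier: (string)nameId.Attribute("NameQualifier"),
            SPNameQualifier: (string)nameId.Attribute("SPNameQualifier"));
    }

    // For the persistent and transient formats the qualifiers, when present, are the IdP and
    // SP entity IDs. Check them against your own configuration before ending a session so a
    // request qualified for a different IdP/SP pair is rejected rather than acted on.
    public static bool QualifiersMatch(NameIdInfo nameId, string idpEntityId, string spEntityId)
    {
        bool idpOk = nameId.NameQualifier == null || nameId.NameQualifier == idpEntityId;
        bool spOk = nameId.SPNameQualifier == null || nameId.SPNameQualifier == spEntityId;
        return idpOk && spOk;
    }
}
```

Once you are on a version that populates `NameId.NameQualifier` and `NameId.SPNameQualifier`, the same `QualifiersMatch` check applies to the values the library returns.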