locked
OpenID and emailaddress claim not working RRS feed

  • Question

  • I have setup an open id provider to myopenid.com.  If I set my rules to just passthrough everything, things seem to work but I do not get much information.  Once I add an input claim for an email address, I get a rules processing error and:

    ACS60001: No output claims were generated during rules processing.                

    I then thought maybe they are not going to send me the email address, but then I logged in stackoverflow with it and there it was.  So I am not sure what I am doing wrong here.

    I am using this claim:

    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

    Sunday, May 15, 2011 2:25 AM

Answers

  • MyOpenId.com does not support AttributeExchange, and therefore will not issue you an e-mail address claim.  You will get a nameidentifier of the form https://<username>.myopenid.com, and that's it.  The content of claims released by a provider is up to that provider.

    Additionally, adding a rule to pass through everything will give you a good idea of the maximum amount of data you're getting from a provider.  Adding rules will never get you more information than "pass through all" did.

    Monday, May 16, 2011 4:29 PM

All replies

  • Logging into SO and logging into ACS with openID are two different things, so it's possible you may not be getting the email claim from myopenid.com.  Try using fiddler to see if the email claim is being passed over the wire from myopenid.com to ACS.
    Developer Security MVP | http://www.steveonsecurity.com
    Sunday, May 15, 2011 11:28 AM
  • MyOpenId.com does not support AttributeExchange, and therefore will not issue you an e-mail address claim.  You will get a nameidentifier of the form https://<username>.myopenid.com, and that's it.  The content of claims released by a provider is up to that provider.

    Additionally, adding a rule to pass through everything will give you a good idea of the maximum amount of data you're getting from a provider.  Adding rules will never get you more information than "pass through all" did.

    Monday, May 16, 2011 4:29 PM