Get Surname from Claims

Hey Everyone,

I have been trying to get the surname from the claim but no luck. I can see the surname in the $ClaimsPrinciple.claims but I can't seem to get it out using something like $ClaimsPrinciple.claims.surname or $ClaimsPrinciple.claims.Identity.surname or $ClaimsPrinciple.Identity.GivenName.

Thanks!

Have you tried $ClaimsPrincipal ?

I’m personally using the $user variable…have you tried that? Then I am sure with a regex expression you could get the surname

Yes, I have tried the $User variable, but it displays the user login email address (jdoe@domain.com).

@Jacob-Evans - Yes, when I use the $ClaimsPrincipal I can see the entire claim, but how do I dig into it to pull out just the given name?

I can also get the login email address using $ClaimsPrinciple.Identity.Name, but changing Name to GivenName does not work.

The claim looks like this:

aio: 42ZgYtuYta72wX9t6vxe2DzUB
http://schemas.microsoft.com/claims/authnmethodsreferences: pwd
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: Doe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: John
groups: 447656d-013b-4f67-9643-a390ffbc555f
groups:
name: John Doe
http://schemas.microsoft.com/identity/claims/objectidentifier: 075weq8c-0dq4-4539e55e33050eb7c
onprem_sid: S-1-5-21-2qwe3113347-524520147-32110136-4131
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier: p52138Z-PhkIVhmBYYdfsafH3SpyE
http://schemas.microsoft.com/identity/claims/tenantid: 35232860-633b-4440-433dc-847wqeq5e8b1
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: jdoe@domain.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn: jdoe@domain.com
uti: k1AQETFH5E-L4FumwTEC48

Protip, you can enable the design console by adding -Design to your Start-UDDashboard command.

In the design console, you can do a bit of debugging while the site is running, for example getting the details of $ClaimsPrinciple.Identity | GM

Not pretty, and not specifically helpful, but it seems like the data is in there somewhere.

[{"typeName":"System.Security.Principal.WindowsIdentity","name":"AddClaim","memberType":64,"definition":"void AddClaim(System.Security.Claims.Claim claim)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"AddClaims","memberType":64,"definition":"void AddClaims(System.Collections.Generic.IEnumerable[System.Security.Claims.Claim] claims)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Clone","memberType":64,"definition":"System.Security.Claims.ClaimsIdentity Clone()"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Dispose","memberType":64,"definition":"void Dispose(), void IDisposable.Dispose()"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Equals","memberType":64,"definition":"bool Equals(System.Object obj)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"FindAll","memberType":64,"definition":"System.Collections.Generic.IEnumerable[System.Security.Claims.Claim] FindAll(System.Predicate[System.Security.Claims.Claim] match), System.Collections.Generic.IEnumerable[System.Security.Claims.Claim] FindAll(string type)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"FindFirst","memberType":64,"definition":"System.Security.Claims.Claim FindFirst(System.Predicate[System.Security.Claims.Claim] match), System.Security.Claims.Claim FindFirst(string type)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"GetHashCode","memberType":64,"definition":"int GetHashCode()"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"GetObjectData","memberType":64,"definition":"void ISerializable.GetObjectData(System.Runtime.Serialization.SerializationInfo info, System.Runtime.Serialization.StreamingContext context)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"GetType","memberType":64,"definition":"type GetType()"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"HasClaim","memberType":64,"definition":"bool HasClaim(System.Predicate[System.Security.Claims.Claim] match), bool HasClaim(string type, string value)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Impersonate","memberType":64,"definition":"System.Security.Principal.WindowsImpersonationContext Impersonate()"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"OnDeserialization","memberType":64,"definition":"void IDeserializationCallback.OnDeserialization(System.Object sender)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"RemoveClaim","memberType":64,"definition":"void RemoveClaim(System.Security.Claims.Claim claim)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"ToString","memberType":64,"definition":"string ToString()"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"TryRemoveClaim","memberType":64,"definition":"bool TryRemoveClaim(System.Security.Claims.Claim claim)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"WriteTo","memberType":64,"definition":"void WriteTo(System.IO.BinaryWriter writer)"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"AccessToken","memberType":4,"definition":"Microsoft.Win32.SafeHandles.SafeAccessTokenHandle AccessToken {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Actor","memberType":4,"definition":"System.Security.Claims.ClaimsIdentity Actor {get;set;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"AuthenticationType","memberType":4,"definition":"string AuthenticationType {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"BootstrapContext","memberType":4,"definition":"System.Object BootstrapContext {get;set;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Claims","memberType":4,"definition":"System.Collections.Generic.IEnumerable[System.Security.Claims.Claim] Claims {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"DeviceClaims","memberType":4,"definition":"System.Collections.Generic.IEnumerable[System.Security.Claims.Claim] DeviceClaims {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Groups","memberType":4,"definition":"System.Security.Principal.IdentityReferenceCollection Groups {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"ImpersonationLevel","memberType":4,"definition":"System.Security.Principal.TokenImpersonationLevel ImpersonationLevel {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"IsAnonymous","memberType":4,"definition":"bool IsAnonymous {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"IsAuthenticated","memberType":4,"definition":"bool IsAuthenticated {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"IsGuest","memberType":4,"definition":"bool IsGuest {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"IsSystem","memberType":4,"definition":"bool IsSystem {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Label","memberType":4,"definition":"string Label {get;set;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Name","memberType":4,"definition":"string Name {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"NameClaimType","memberType":4,"definition":"string NameClaimType {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Owner","memberType":4,"definition":"System.Security.Principal.SecurityIdentifier Owner {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"RoleClaimType","memberType":4,"definition":"string RoleClaimType {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"Token","memberType":4,"definition":"System.IntPtr Token {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"User","memberType":4,"definition":"System.Security.Principal.SecurityIdentifier User {get;}"},
{"typeName":"System.Security.Principal.WindowsIdentity","name":"UserClaims","memberType":4,"definition":"System.Collections.Generic.IEnumerable[System.Security.Claims.Claim] UserClaims {get;}"}]

Does the Design flag work on IIS dashboards? Or just Shell ones?

@PorreKaj good call on the -Designer, that got me further.

So now I have figured out how to get the name I am looking for using the command below:

($ClaimsPrincipal.Identity.Claims | Where-Object { $_.Type -eq 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname' }).Value

and I can get it working in a Card by creating a new Element:

New-UDElement -Tag 'a' -Endpoint {
    # Pick the claim by its full type URI; the short name "givenname" alone does not match
    ($ClaimsPrincipal.Identity.Claims | Where-Object { $_.Type -eq 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname' }).Value
}

But how would I initialize this at login? I tried to set it in dashboard.ps1 in a scheduled endpoint, but it doesn't work.

What I’m trying to accomplish is what is posted in the Show Off - Help Desk 2.0 - total rewrite

In the NavMenu you can see at the top where it says Hi, ArtisanByteCrafter!. I would like to get a Hi, GivenName.

@artvandelay440 - How did you accomplish this?

Thanks!
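The thread's working answer filters $ClaimsPrincipal.Identity.Claims on the full claim-type URI. The same lookup can be done with the FindFirst(string type) method that the Get-Member dump above lists, which also avoids the Where-Object pipeline and the retyped URL. The following is an added example, not code from the thread or from Universal Dashboard; the function name Get-ClaimValue and the constructed principal with sample values are assumptions made here so that it runs offline without a dashboard.

```powershell
# Added example (not from the thread): read a claim from a ClaimsPrincipal by claim-type URI.
# Get-ClaimValue is a hypothetical helper name; the principal below is constructed for the demo.

function Get-ClaimValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [System.Security.Claims.ClaimsPrincipal] $Principal,

        [Parameter(Mandatory)]
        [string] $ClaimType,

        # Returned when the identity provider did not issue the claim at all.
        [string] $Default = ''
    )

    # FindFirst matches on the complete claim-type URI (".../claims/givenname"),
    # which is why $ClaimsPrincipal.Claims.surname or .Identity.GivenName return nothing.
    $claim = $Principal.FindFirst($ClaimType)
    if ($null -eq $claim -or [string]::IsNullOrWhiteSpace($claim.Value)) {
        return $Default
    }
    return $claim.Value
}

# .NET exposes the standard claim-type URIs as constants, so the URLs never need retyping.
$givenNameType = [System.Security.Claims.ClaimTypes]::GivenName   # http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
$surnameType   = [System.Security.Claims.ClaimTypes]::Surname     # http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
$upnType       = [System.Security.Claims.ClaimTypes]::Upn         # http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

# Constructed principal mirroring the claim set pasted in the thread (sample values only).
$identity = [System.Security.Claims.ClaimsIdentity]::new('ExampleAuthType')
$identity.AddClaim([System.Security.Claims.Claim]::new($givenNameType, 'John'))
$identity.AddClaim([System.Security.Claims.Claim]::new($surnameType, 'Doe'))
$identity.AddClaim([System.Security.Claims.Claim]::new($upnType, 'jdoe@domain.com'))
$principal = [System.Security.Claims.ClaimsPrincipal]::new($identity)

$given   = Get-ClaimValue -Principal $principal -ClaimType $givenNameType -Default 'there'
$surname = Get-ClaimValue -Principal $principal -ClaimType $surnameType

# A claim the provider never issued falls back to the default instead of throwing.
$missing = Get-ClaimValue -Principal $principal -ClaimType ([System.Security.Claims.ClaimTypes]::Country) -Default 'n/a'

"Hi, $given $surname!".Trim()        # Hi, John Doe!
"Country claim: $missing"            # Country claim: n/a

# Inside a dashboard endpoint the same call reads the real $ClaimsPrincipal that the
# dashboard populates after login (variable name as used in the thread). Endpoint script
# blocks run on their own, so the lookup is written inline rather than relying on the
# helper above being visible there:
# New-UDElement -Tag 'span' -Endpoint {
#     $c = $ClaimsPrincipal.FindFirst([System.Security.Claims.ClaimTypes]::GivenName)
#     if ($c) { "Hi, $($c.Value)!" } else { 'Hi, there!' }
# }
```

Matching on the full type URI rather than a regex over the display name is what makes the lookup robust: the `name` claim in the pasted token carries a free-form "John Doe" that the provider can change, while the givenname and surname claims are separately typed. The value is display data only; group or role membership for access decisions should be read from the typed group claims (for example with HasClaim(type, value), also listed in the Get-Member dump), not inferred from the name.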