masastack · capdiem · Aug 2, 2024 · Aug 2, 2024
diff --git a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Consts/ClaimTypeConsts.cs b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Consts/ClaimTypeConsts.cs
@@ -0,0 +1,13 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Auth.Web.Sso.Infrastructure.Consts;
+
+public static class ClaimTypeConsts
+{
+    public const string IMPERSONATOR_USER_ID = $"{DEFAULT_PREFIX}/impersonatorUserId";
+
+    public const string DOMAIN_NAME = $"{DEFAULT_PREFIX}/domainName";
+
+    private const string DEFAULT_PREFIX = "https://masastack.com/security/identity/claims";
+}
diff --git a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/ImpersonationGrantValidator.cs b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/ImpersonationGrantValidator.cs
@@ -8,8 +8,6 @@ public class ImpersonationGrantValidator : IExtensionGrantValidator
     IAuthClient _authClient;
     public string GrantType { get; } = BuildingBlocks.Authentication.OpenIdConnect.Models.Constans.GrantType.IMPERSONATION;
 
-    const string IMPERSONATOR_USER_ID = "https://masastack.com/security/identity/claims/impersonatorUserId";
-
     public ImpersonationGrantValidator(IAuthClient authClient)
     {
         _authClient = authClient;
@@ -54,7 +52,7 @@ public async Task ValidateAsync(ExtensionGrantValidationContext context)
 
             if (!cacheItem.IsBackToImpersonator)
             {
-                claims.Add(new Claim(IMPERSONATOR_USER_ID, cacheItem.ImpersonatorUserId.ToString()));
+                claims.Add(new Claim(ClaimTypeConsts.IMPERSONATOR_USER_ID, cacheItem.ImpersonatorUserId.ToString()));
             }
 
             context.Result = new GrantValidationResult(cacheItem.TargetUserId.ToString(), "impersonation", claims);

diff --git a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/LdapGrantValidator.cs b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/LdapGrantValidator.cs
@@ -79,7 +79,12 @@ public async Task ValidateAsync(ExtensionGrantValidationContext context)
                 });
             }
 
-            context.Result = new GrantValidationResult(authUser.Id.ToString(), "ldap");
+            var claims = new List<Claim>
+            {
+                new Claim(ClaimTypeConsts.DOMAIN_NAME, ldapUser.SamAccountName)
+            };
+
+            context.Result = new GrantValidationResult(authUser.Id.ToString(), "ldap", claims);
         }
         catch (Exception ex)
         {

diff --git a/src/Web/Masa.Auth.Web.Sso/_Imports.cs b/src/Web/Masa.Auth.Web.Sso/_Imports.cs
@@ -24,6 +24,7 @@
 global using Masa.Auth.Web.Sso.Infrastructure;
 global using Masa.Auth.Web.Sso.Infrastructure.Aliyun;
 global using Masa.Auth.Web.Sso.Infrastructure.Attributes;
+global using Masa.Auth.Web.Sso.Infrastructure.Consts;
 global using Masa.Auth.Web.Sso.Infrastructure.Events;
 global using Masa.Auth.Web.Sso.Infrastructure.Options;
 global using Masa.Auth.Web.Sso.Infrastructure.Services;