I'm building an authentication solution that receives SAML artifacts. This solution will be used in multiple applications. Taking that into consideration, I was contemplating creating a custom Identity (implementing IIdentity), and adding properties to hold data from the SAML artifact response. However, some of this data would be considered sensitive. Are there any security implications from storing this in a custom Identity? Is there a better way of getting this data to the application? The Identity creation and authentication will occur inside a custom HttpModule.
Thanks