[IdP] OKTA SAML - Loading the attributes into Users

Forge Component
Published on 2017-12-04 by Telmo Martins
20 votes

We are able to successfully create a user account and log in; however, the firstname, lastname and email address fields in the user module are not being populated. We can see them in the attribute fields of the SAML message, so we are receiving them. Do we need to populate the claims on the SP configuration, and if so, with what URL?


   

Hi Paul,

You need to check the names of the attributes in your SAML response message. It should be something like:

...

<saml2:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="MyEmail">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">myemail@mail.com</saml2:AttributeValue>
</saml2:Attribute>

...

So, based on the example above, to configure the email claim you need to set "MyEmail" on the Claims Email attribute, like in the attached image.


Regards
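
The check described in the answer above, as an added example that is not part of the original thread or of the Forge component: it decodes a base64 SAMLResponse, lists each attribute Name with its values, and reports which claim settings do not match any Name exactly. The sample response, the names "MyFirstName" and "MyLastName", and the claim field labels other than Email are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response, trimmed to the parts this check reads.
# "MyFirstName" and "MyLastName" are made-up names alongside the thread's "MyEmail".
SAMPLE_XML = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Assertion><saml2:AttributeStatement>
    <saml2:Attribute Name="MyEmail">
      <saml2:AttributeValue>myemail@mail.com</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="MyFirstName">
      <saml2:AttributeValue>Test</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="MyLastName">
      <saml2:AttributeValue>User</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement></saml2:Assertion>
</saml2p:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def list_attributes(saml_response_b64):
    """Map each Attribute Name to its values, from a base64 SAMLResponse form field."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML response never needs a DTD; refuse one instead of handing it to the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_bytes)
    found = {}
    # An <EncryptedAssertion> hides its attributes, so an empty result can mean that.
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml2:AttributeValue", NS)]
        found[attr.get("Name")] = values
    return found


def unmatched_claims(found, claims):
    """Return claim fields whose configured Name is missing or empty (exact, case-sensitive)."""
    return [field for field, name in claims.items() if not any(found.get(name, []))]


if __name__ == "__main__":
    attrs = list_attributes(SAMPLE_B64)
    for name, values in attrs.items():
        print(f"{name!r}: {values}")
    # Hypothetical claim settings: "lastname" does not match the Name "MyLastName".
    claims = {"Email": "MyEmail", "First Name": "MyFirstName", "Last Name": "lastname"}
    print("not populated:", unmatched_claims(attrs, claims))
```

This only reads attribute names to troubleshoot the claim mapping; it does not verify the response signature and is not a substitute for the service provider's own validation.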