SAML Synchronized Attributes

Assume saml attribute name for email is officialemail & want to map to cq email.  The syntax would be officialemail=profile/email

Hi Sham, 

I have query related to same thread. 

I have users saved in the path as 

/home/users/a/

where a represt first letter of email address. 

how do I save other properties for this user like name and surname .. using synchronized attributes.

\Amit

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

Amit sharma wrote...

Hi Sham, 

I have query related to same thread. 

I have users saved in the path as 

/home/users/a/

where a represt first letter of email address. 

how do I save other properties for this user like name and surname .. using synchronized attributes.

\Amit

 

 

 

 

You need to map syncronize attribute in felix console as shown at [img]https://helpx.adobe.com/experience-manager/kb/saml-demo/_jcr_content/main-pars/image_18.img.png/Logout.png[/img]

MorisTM wrote...

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

 

In the saml response do you see the mail attribute? 

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>

Working now. Thanks Sham!

Did you get any reply for this post? I am seeking for same. 

Hi @divyatyagi ,

Have you gone through this kb article, hope it would be helpful.

1. https://helpx.adobe.com/in/experience-manager/kb/saml-demo.html
2. https://www.bounteous.com/insights/2018/09/24/single-sign-sso-integration-okta-aem-63/?lang=en-ca

Synchronized Attributes: These are the attribute mappings configured in the Okta application. The attribute values will be passed through SAML response to AEM during the SAML assertion.

Regards,

Santosh