what is the use of "UserID Attribute" in the SAML configuration? | Community
Skip to main content
K
Kkkrish
Level 4
April 12, 2016
Solved

what is the use of "UserID Attribute" in the SAML configuration?

  • April 12, 2016
  • 3 replies
  • 4303 views

What is the use of "UserID Attribute" in the SAML configuration. what it does exactly? can any one explains how it works with any use case.?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by SDharmaraj

kk krish wrote...

What is the use of "UserID Attribute" in the SAML configuration. what it does exactly? can any one explains how it works with any use case.?

 

Its the ID attribute your AEM instance is looking in the SAML response after authentication from IDP Server. Sample SAML Response from IDP after decryption will look like below

    <AttributeStatement>
            <Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <AttributeValue>aparker@geometrixx.info</AttributeValue>
            </Attribute>
        </AttributeStatement>

AEM will get the attribute value after it matched the ID (i,e in this case uid) and login to instance. You have to map this ID with the ID that IDP is sending. Check this SAML demo page. Attribute-filter section.

https://helpx.adobe.com/experience-manager/kb/saml-demo.html 

3 replies

SDharmaraj
SDharmarajAccepted solution
Level 2
April 12, 2016

kk krish wrote...

What is the use of "UserID Attribute" in the SAML configuration. what it does exactly? can any one explains how it works with any use case.?

 

Its the ID attribute your AEM instance is looking in the SAML response after authentication from IDP Server. Sample SAML Response from IDP after decryption will look like below

    <AttributeStatement>
            <Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <AttributeValue>aparker@geometrixx.info</AttributeValue>
            </Attribute>
        </AttributeStatement>

AEM will get the attribute value after it matched the ID (i,e in this case uid) and login to instance. You have to map this ID with the ID that IDP is sending. Check this SAML demo page. Attribute-filter section.

https://helpx.adobe.com/experience-manager/kb/saml-demo.html 

Lokesh_Shivalingaiah
Lokesh_Shivalingaiah
Level 10
April 12, 2016

Basically, a property or an attribute name which holds the user name/id at SAML is what you have to mention.

kautuk_sahni
Community Manager
kautuk_sahniCommunity Manager
Community Manager
April 13, 2016

Hi

Adding some reference for you:-

Link:- adobeaemclub.com/setting-saml-authentication/

// UserID Attribute (optional) –   This is useful if you would enable autoCreateUser. The exact value of this can be obtained from your IdP or can be looked at the SAML Response

For more information please look at his article.

 

Thanks and Regards

Kautuk Sahni

Kautuk Sahni
Terms & ConditionsAccessibility statement

Loading footer...