Hello,
I am following this blog post
https://blog.developer.adobe.com/saml-authentication-in-aem-using-microsoft-azure-active-directory-3...
and also Microsoft's official documentation
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/adobe-identity-management-tutorial
to integrate Azure AD with author 6.5 SP 13 SAML auth.
Authentication works, but the user is always created with a principalname with a random string.
I tried to configure the AEM SAML User ID attribute with emailaddress, uid, nameid, but no luck.
In the Azure SAML token claims I see:
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
  <AttributeValue>Andrea</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
  <AttributeValue>Mysurname</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
  <AttributeValue>mymail@example.com</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
  <AttributeValue>mymail@example.com</AttributeValue>
</Attribute>
Any suggestion on how to configure the User ID attribute or Synchronized attributes?
For example, mapping claims to user properties like:
surname->familyName
givenname->givenName
Thanks
Hi @AndreaB69, can you try the below and let us know if it works?
userIDAttribute="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
synchronizeAttributes="[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/surName,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email,http://schemas.microsoft.com/ws/2008/06/identity/claims/groups\=profile/groups]"
Thanks,
Srikanth Pogula
Thanks,
it did work.
These are the current sync attributes I have:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress=profile/email
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname=profile/givenName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname=profile/familyName
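
An added example, not part of the thread and not AEM's own code: a small diagnostic that checks whether a userIDAttribute value and a synchronizeAttributes list name claims that are actually present in a captured token. It assumes the configured name must equal the Attribute Name exactly, does no signature validation, and uses a constructed sample built from the claims quoted in the question; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Constructed sample: the attributes quoted in the question, wrapped in one root element.
SAMPLE = f"""<AttributeStatement>
<Attribute Name="{CLAIMS}givenname"><AttributeValue>Andrea</AttributeValue></Attribute>
<Attribute Name="{CLAIMS}surname"><AttributeValue>Mysurname</AttributeValue></Attribute>
<Attribute Name="{CLAIMS}emailaddress"><AttributeValue>mymail@example.com</AttributeValue></Attribute>
<Attribute Name="{CLAIMS}name"><AttributeValue>mymail@example.com</AttributeValue></Attribute>
</AttributeStatement>"""
# Sync list as posted in the final reply of the thread.
SYNC = [CLAIMS + "emailaddress=profile/email",
        CLAIMS + "givenname=profile/givenName",
        CLAIMS + "surname=profile/familyName"]

def local(tag):
    """Strip an XML namespace so real SAML and the namespace-less paste both parse."""
    return tag.rsplit("}", 1)[-1]

def claims_in(xml_text):
    """Return {Attribute Name: first AttributeValue} for every Attribute element."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "Attribute":
            values = [v.text or "" for v in el if local(v.tag) == "AttributeValue"]
            if values:
                found[el.get("Name")] = values[0]
    return found

def parse_sync(entries):
    """Split 'claim=path' entries; the escaped 'claim\\=path' form is accepted too."""
    mapping = {}
    for entry in entries:
        claim, sep, path = entry.replace("\\=", "=").rpartition("=")
        if not (sep and claim and path):
            raise ValueError(f"not a claim=path entry: {entry!r}")
        mapping[claim] = path
    return mapping

def check(xml_text, user_id_attribute, sync_entries):
    """Report the user ID value, the resulting profile properties, and absent claims."""
    claims = claims_in(xml_text)
    report = {"user_id": claims.get(user_id_attribute), "profile": {}, "missing": []}
    if user_id_attribute not in claims:
        report["missing"].append(user_id_attribute)
    for claim, path in parse_sync(sync_entries).items():
        if claim in claims:
            report["profile"][path] = claims[claim]
        else:
            report["missing"].append(claim)
    return report

if __name__ == "__main__":
    print(check(SAMPLE, CLAIMS + "emailaddress", SYNC))
```

Any name listed under "missing" is one the token does not carry under that exact Attribute Name, for example a short name such as emailaddress instead of the full claim URI.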