Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

How to handle empty SAML attribute in the SAML handler?

adarshm65812616
Level 2
Level 2

I have a requirement to fetch some SAML response attributes. For that I have configured those attributes in the Synchronized Attributes field in the AEM SAML 2.0 Authentiacation Handler. But for some users one of my synchronized attribute will be empty. The admin team reports that this is throwing error. Is there any way to handle empty SAML attribute values.

1 Accepted Solution
MC_Stuff
Correct answer by
Level 9
Level 9

To prevent saving conditionally the right way is extending SAMLAuthenticationHandler.  Other options are implement authentication post processor or listener to remove the property after it is saved.

View solution in original post

3 Replies
MC_Stuff
Level 9
Level 9

Hi Adarsh,

Configure on the IDP not to pass empty attribute Or some default value if it is empty.  Otherwise need an custom development effort to extend SAMLAuuthenticationhandler to plugin your additional validation.

Thanks,

adarshm65812616
Level 2
Level 2

Thanks @MC Stuff. I was actually thinking about not to use any filters or extend SAMLAuthenticationHandler but to get the data using Userproperties API. Is there any other configuration that can be done in AEM side to prevent the attribute from saving in the jcr.

MC_Stuff
Correct answer by
Level 9
Level 9

To prevent saving conditionally the right way is extending SAMLAuthenticationHandler.  Other options are implement authentication post processor or listener to remove the property after it is saved.

View solution in original post