Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

How to handle empty SAML attribute in the SAML handler?

Avatar

Level 2

I have a requirement to fetch some SAML response attributes. For that I have configured those attributes in the Synchronized Attributes field in the AEM SAML 2.0 Authentiacation Handler. But for some users one of my synchronized attribute will be empty. The admin team reports that this is throwing error. Is there any way to handle empty SAML attribute values.

1 Accepted Solution

Avatar

Correct answer by
Level 9

To prevent saving conditionally the right way is extending SAMLAuthenticationHandler.  Other options are implement authentication post processor or listener to remove the property after it is saved.

View solution in original post

3 Replies

Avatar

Level 9

Hi Adarsh,

Configure on the IDP not to pass empty attribute Or some default value if it is empty.  Otherwise need an custom development effort to extend SAMLAuuthenticationhandler to plugin your additional validation.

Thanks,

Avatar

Level 2

Thanks @MC Stuff. I was actually thinking about not to use any filters or extend SAMLAuthenticationHandler but to get the data using Userproperties API. Is there any other configuration that can be done in AEM side to prevent the attribute from saving in the jcr.

Avatar

Correct answer by
Level 9

To prevent saving conditionally the right way is extending SAMLAuthenticationHandler.  Other options are implement authentication post processor or listener to remove the property after it is saved.