Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

How to handle empty SAML attribute in the SAML handler?

Avatar

Level 2

I have a requirement to fetch some SAML response attributes. For that I have configured those attributes in the Synchronized Attributes field in the AEM SAML 2.0 Authentiacation Handler. But for some users one of my synchronized attribute will be empty. The admin team reports that this is throwing error. Is there any way to handle empty SAML attribute values.

1 Accepted Solution

Avatar

Correct answer by
Level 9

To prevent saving conditionally the right way is extending SAMLAuthenticationHandler.  Other options are implement authentication post processor or listener to remove the property after it is saved.

View solution in original post

3 Replies

Avatar

Level 9

Hi Adarsh,

Configure on the IDP not to pass empty attribute Or some default value if it is empty.  Otherwise need an custom development effort to extend SAMLAuuthenticationhandler to plugin your additional validation.

Thanks,

Avatar

Level 2

Thanks @MC Stuff. I was actually thinking about not to use any filters or extend SAMLAuthenticationHandler but to get the data using Userproperties API. Is there any other configuration that can be done in AEM side to prevent the attribute from saving in the jcr.

Avatar

Correct answer by
Level 9

To prevent saving conditionally the right way is extending SAMLAuthenticationHandler.  Other options are implement authentication post processor or listener to remove the property after it is saved.