Adobe Experience Manager Sites & More

MorisTM · 10/15/15

Any documentation or examples on how to use the new property "Synchronized Attributes (~synchronizeAttributes)" ?

Sham_HC · 10/15/15

MorisTM wrote...

Yes I see the following:

<saml2:AttributeStatement> <saml2:Attribute FriendlyName="uid" Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >user.2</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >user.2@maildomain.net</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute FriendlyName="group" Name="group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >administrators</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement>

For your settings try with [1] or configure saml to have predifined name rather than dynamic.

[1] urn:oid:0.9.2342.19200300.100.1.3=profile/email

View solution in original post

Sham_HC · 10/15/15

Assume saml attribute name for email is officialemail & want to map to cq email. The syntax would be officialemail=profile/email

amitmsharma · 10/15/15

Hi Sham,

I have query related to same thread.

I have users saved in the path as

/home/users/a/

where a represt first letter of email address.

how do I save other properties for this user like name and surname .. using synchronized attributes.

\Amit

MorisTM · 10/15/15

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

Sham_HC · 10/15/15

Amit sharma wrote...

Hi Sham,

I have query related to same thread.

I have users saved in the path as

/home/users/a/

where a represt first letter of email address.

how do I save other properties for this user like name and surname .. using synchronized attributes.

\Amit

You need to map syncronize attribute in felix console as shown at [img]https://helpx.adobe.com/experience-manager/kb/saml-demo/_jcr_content/main-pars/image_18.img.png/Logo...

Sham_HC · 10/15/15

MorisTM wrote...

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

In the saml response do you see the mail attribute?

MorisTM · 10/15/15

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>

Sham_HC · 10/15/15

MorisTM wrote...

Yes I see the following:

<saml2:AttributeStatement> <saml2:Attribute FriendlyName="uid" Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >user.2</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >user.2@maildomain.net</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute FriendlyName="group" Name="group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >administrators</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement>

For your settings try with [1] or configure saml to have predifined name rather than dynamic.

[1] urn:oid:0.9.2342.19200300.100.1.3=profile/email

MorisTM · 10/15/15

Working now. Thanks Sham!

divyat29882083 · 10/16/20

Did you get any reply for this post? I am seeking for same.

santhosh_kumark · 10/16/20

Hi @divyat29882083 ,

Have you gone through this kb article, hope it would be helpful.

Synchronized Attributes: These are the attribute mappings configured in the Okta application. The attribute values will be passed through SAML response to AEM during the SAML assertion.

Regards,

Santosh

Adobe Experience Manager Sites & More

SAML Synchronized Attributes

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe