SAML Synchronized Attributes

MorisTM

15-10-2015

Any documentation or examples on how to use the new property "Synchronized Attributes (~synchronizeAttributes)" ?

Accepted Solutions (1)

Sham_HC

15-10-2015

MorisTM wrote...

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>

 

For your settings, try with [1], or configure SAML to have a predefined name rather than a dynamic one.

[1]  urn:oid:0.9.2342.19200300.100.1.3=profile/email

Answers (9)


santhosh_kumark
MVP

16-10-2020

Hi @divyat29882083 ,

 

Have you gone through this KB article? I hope it will be helpful.

  1. https://helpx.adobe.com/in/experience-manager/kb/saml-demo.html
  2. https://www.bounteous.com/insights/2018/09/24/single-sign-sso-integration-okta-aem-63/?lang=en-ca

SAML_SyncAttributes.JPG

Synchronized Attributes: These are the attribute mappings configured in the Okta application. The attribute values will be passed through the SAML response to AEM during the SAML assertion.

 

Regards,

Santosh


divyat29882083

16-10-2020

Did you get any reply for this post? I am seeking the same.


MorisTM

15-10-2015

Working now. Thanks Sham!


MorisTM

15-10-2015

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>

Sham_HC

15-10-2015

MorisTM wrote...

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

 

In the SAML response, do you see the mail attribute?

Sham_HC

15-10-2015

Amit sharma wrote...

Hi Sham, 

I have a query related to the same thread.

I have users saved in the path as

/home/users/a/

where a represents the first letter of the email address.

How do I save other properties for this user, like name and surname, using synchronized attributes?

\Amit

 

 

 

 


You need to map the synchronize attribute in the Felix console as shown at https://helpx.adobe.com/experience-manager/kb/saml-demo/_jcr_content/main-pars/image_18.img.png/Logo...


MorisTM

15-10-2015

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.


amitmsharma
Employee

15-10-2015

Hi Sham, 

I have a query related to the same thread.

I have users saved in the path as

/home/users/a/

where a represents the first letter of the email address.

How do I save other properties for this user, like name and surname, using synchronized attributes?

\Amit

Sham_HC

15-10-2015

Assume the SAML attribute name for email is officialemail and you want to map it to the CQ email. The syntax would be officialemail=profile/email