SAML Synchronized Attributes

MorisTM
Level 2

15-10-2015

Any documentation or examples on how to use the new property "Synchronized Attributes (~synchronizeAttributes)"?

Accepted Solutions (1)

Sham_HC
Level 10

15-10-2015

MorisTM wrote...

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>

 

For your settings try with [1] or configure SAML to have a predefined name rather than dynamic.

[1]  urn:oid:0.9.2342.19200300.100.1.3=profile/email

Answers (9)

santhosh_kumark
MVP

16-10-2020

Hi @divyat29882083 ,

 

Have you gone through this KB article? Hope it would be helpful.

  1. https://helpx.adobe.com/in/experience-manager/kb/saml-demo.html
  2. https://www.bounteous.com/insights/2018/09/24/single-sign-sso-integration-okta-aem-63/?lang=en-ca

SAML_SyncAttributes.JPG

Synchronized Attributes: These are the attribute mappings configured in the Okta application. The attribute values will be passed through SAML response to AEM during the SAML assertion.

 

Regards,

Santosh

divyat29882083
Level 1

16-10-2020

Did you get any reply for this post? I am looking for the same.

MorisTM
Level 2

15-10-2015

Working now. Thanks Sham!

MorisTM
Level 2

15-10-2015

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>

Sham_HC
Level 10

15-10-2015

MorisTM wrote...

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

 

In the SAML response do you see the mail attribute?

Sham_HC
Level 10

15-10-2015

Amit sharma wrote...

Hi Sham, 

I have a query related to the same thread.

I have users saved in the path as

/home/users/a/

where a represents the first letter of the email address.

How do I save other properties for this user, like name and surname, using synchronized attributes?

\Amit

You need to map the synchronized attribute in the Felix console as shown at [img]https://helpx.adobe.com/experience-manager/kb/saml-demo/_jcr_content/main-pars/image_18.img.png/Logo...

MorisTM
Level 2

15-10-2015

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

amitmsharma
Employee

15-10-2015

Hi Sham, 

I have a query related to the same thread.

I have users saved in the path as

/home/users/a/

where a represents the first letter of the email address.

How do I save other properties for this user, like name and surname, using synchronized attributes?

\Amit

Sham_HC
Level 10

15-10-2015

Assume the SAML attribute name for email is officialemail and you want to map it to the CQ email. The syntax would be officialemail=profile/email
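
The mapping syntax from the replies above (`officialemail=profile/email`) and the accepted fix of keying on `urn:oid:0.9.2342.19200300.100.1.3`, as an added example that is not part of the thread or of AEM's own code: a Python check of which synchronized-attribute entries would find a value in a captured assertion. It assumes, as the accepted solution implies, that the mapping key is compared with the attribute's `Name` and not its `FriendlyName`; `read_attributes` and `check_mappings` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# The thread's AttributeStatement, with NameFormat and xsi:type trimmed for brevity.
ASSERTION = """
<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute FriendlyName="uid" Name="uid">
    <saml2:AttributeValue>user.2</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3">
    <saml2:AttributeValue>user.2@maildomain.net</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute FriendlyName="group" Name="group">
    <saml2:AttributeValue>administrators</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
"""

def read_attributes(xml_text):
    """Return {Name: (values, FriendlyName)} for each saml2:Attribute.
    Diagnostic only: no signature check, so use it on captured debug output."""
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iter(f"{{{SAML2}}}Attribute"):
        values = [v.text or "" for v in attr.findall(f"{{{SAML2}}}AttributeValue")]
        found[attr.get("Name")] = (values, attr.get("FriendlyName"))
    return found

def check_mappings(mappings, xml_text):
    """Split 'name=relative/path' entries into (resolved, unmatched).
    Each unmatched entry carries the real Name when the key was a FriendlyName."""
    attrs = read_attributes(xml_text)
    by_friendly = {f: n for n, (_, f) in attrs.items() if f}
    resolved, unmatched = {}, []
    for entry in mappings:
        name, _, path = (part.strip() for part in entry.partition("="))
        if name in attrs and path:
            resolved[path] = attrs[name][0]
        else:
            hint = by_friendly.get(name) if name not in attrs else None
            unmatched.append((entry, hint))
    return resolved, unmatched

if __name__ == "__main__":
    ok, bad = check_mappings(["mail=profile/email", "uid=profile/uid"], ASSERTION)
    print("resolved:", ok)
    print("unmatched (entry, Name to use instead):", bad)
```
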