SOLVED

SAML Synchronized Attributes

MorisTM
Level 2

Any documentation or examples on how to use the new property "Synchronized Attributes (~synchronizeAttributes)" ?

1 Accepted Solution
Sham_HC
Correct answer by
Level 10

MorisTM wrote...

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>

For your settings try [1], or configure SAML to use a predefined name rather than a dynamic one.

[1]  urn:oid:0.9.2342.19200300.100.1.3=profile/email

10 Replies
Sham_HC
Level 10

Assume the SAML attribute name for email is officialemail and you want to map it to the CQ email. The syntax would be officialemail=profile/email
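The mapping syntax in this reply, together with the accepted answer's point that the left-hand side must equal the assertion's Attribute Name (here the urn:oid, not the FriendlyName "mail"), worked through as an added Python example; it is not code from the thread or from AEM. It wraps the AttributeStatement posted in the thread in an Assertion element with the namespace declarations the fragment omitted (an assumption), and parse_mappings, attributes_by_name, friendly_name_to_name and synchronize are this example's own names, not AEM API:

```python
"""Apply AEM-style synchronizeAttributes mappings to a SAML AttributeStatement.

Added example, not code from the thread or from AEM. It reproduces the rule the
accepted answer relies on: an entry "samlAttributeName=path/relative/to/user/node"
is matched against the assertion's Attribute Name, not its FriendlyName.
"""
from typing import Dict, List, Tuple
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AttributeStatement posted in the thread, wrapped in an
# Assertion element with namespace declarations the posted fragment omitted
# (an assumption; the thread shows only the inner fragment).
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                 xmlns:xs="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml2:AttributeStatement>
    <saml2:Attribute FriendlyName="uid" Name="uid"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml2:AttributeValue xsi:type="xs:string">user.2</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml2:AttributeValue xsi:type="xs:string">user.2@maildomain.net</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute FriendlyName="group" Name="group"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml2:AttributeValue xsi:type="xs:string">administrators</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""


def attributes_by_name(assertion_xml: str) -> Dict[str, List[str]]:
    """Return {Attribute Name: [values]} from the AttributeStatement, keyed by Name."""
    root = ET.fromstring(assertion_xml)
    attrs: Dict[str, List[str]] = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        name = attr.get("Name")
        if name is None:  # Name is mandatory in SAML 2.0; skip malformed entries
            continue
        values = [(v.text or "").strip() for v in attr.iterfind("saml2:AttributeValue", NS)]
        attrs.setdefault(name, []).extend(values)
    return attrs


def friendly_name_to_name(assertion_xml: str) -> Dict[str, str]:
    """Diagnostic helper: {FriendlyName: Name}, to see which Name a label like "mail" hides."""
    root = ET.fromstring(assertion_xml)
    return {
        attr.get("FriendlyName"): attr.get("Name")
        for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS)
        if attr.get("FriendlyName") is not None and attr.get("Name") is not None
    }


def parse_mappings(entries: List[str]) -> List[Tuple[str, str]]:
    """Parse 'samlName=path/relative/to/user/node' entries (the thread's syntax)."""
    parsed = []
    for entry in entries:
        saml_name, sep, rel_path = entry.partition("=")
        saml_name, rel_path = saml_name.strip(), rel_path.strip()
        if not sep or not saml_name or not rel_path:
            raise ValueError(f"malformed synchronizeAttributes entry: {entry!r}")
        if rel_path.startswith("/") or ".." in rel_path.split("/"):
            # Keep writes confined to the user node: reject absolute or parent paths.
            raise ValueError(f"path must be relative to the user node: {entry!r}")
        parsed.append((saml_name, rel_path))
    return parsed


def synchronize(assertion_xml: str, entries: List[str]) -> Tuple[Dict[str, str], List[str]]:
    """Return ({relative_path: value}, [unmatched SAML names]) for the given mappings.

    Only the first value of a multi-valued attribute is used, mirroring a
    single-valued JCR property (an assumption of this example).
    """
    attrs = attributes_by_name(assertion_xml)
    synced: Dict[str, str] = {}
    unmatched: List[str] = []
    for saml_name, rel_path in parse_mappings(entries):
        if attrs.get(saml_name):
            synced[rel_path] = attrs[saml_name][0]
        else:
            unmatched.append(saml_name)
    return synced, unmatched


if __name__ == "__main__":
    # The entry MorisTM tried: "mail" is only the FriendlyName, so nothing is synchronized.
    print(synchronize(SAMPLE_ASSERTION, ["mail=profile/email"]))
    # The accepted answer: match on the assertion's Name (the urn:oid) instead.
    print(synchronize(SAMPLE_ASSERTION,
                      ["urn:oid:0.9.2342.19200300.100.1.3=profile/email", "uid=profile/uid"]))
    print(friendly_name_to_name(SAMPLE_ASSERTION))
```

Running it shows mail=profile/email matching no attribute at all, which lines up with the symptom MorisTM reports (the rep:User node is created but no profile node), while the urn:oid entry yields profile/email. Everything written comes verbatim from the IdP's assertion, so the example keeps the right-hand paths relative to the user node and rejects absolute or parent paths; the posted assertion also carries a group attribute whose value is administrators, a reminder that what the IdP asserts is exactly what gets synchronized.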

amitmsharma
Employee

Hi Sham, 

I have query related to same thread. 

I have users saved in the path as 

/home/users/a/

where a represents the first letter of the email address.

How do I save other properties for this user, like name and surname, using synchronized attributes?

\Amit

MorisTM
Level 2

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

Sham_HC
Level 10

Amit sharma wrote...

Hi Sham, 

I have query related to same thread. 

I have users saved in the path as 

/home/users/a/

where a represents the first letter of the email address.

How do I save other properties for this user, like name and surname, using synchronized attributes?

\Amit

You need to map the synchronized attribute in the Felix console as shown at https://helpx.adobe.com/experience-manager/kb/saml-demo/_jcr_content/main-pars/image_18.img.png/Logo...

Sham_HC
Level 10

MorisTM wrote...

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

In the SAML response, do you see the mail attribute?

MorisTM
Level 2

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>

divyat29882083
Level 2

Did you get any reply to this post? I am looking for the same.

santhosh_kumark
Community Advisor

Hi @divyat29882083,

Have you gone through this KB article? Hope it is helpful.

  1. https://helpx.adobe.com/in/experience-manager/kb/saml-demo.html
  2. https://www.bounteous.com/insights/2018/09/24/single-sign-sso-integration-okta-aem-63/?lang=en-ca

[Image: SAML_SyncAttributes.JPG]

Synchronized Attributes: These are the attribute mappings configured in the Okta application. The attribute values will be passed through the SAML response to AEM during the SAML assertion.

Regards,

Santosh