
SOLVED

SAML Synchronized Attributes


Level 2

Any documentation or examples on how to use the new property "Synchronized Attributes (~synchronizeAttributes)" ?

1 Accepted Solution


Correct answer by
Level 10

MorisTM wrote...

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>


For your settings try with [1], or configure SAML to have a predefined name rather than a dynamic one.

[1]  urn:oid:0.9.2342.19200300.100.1.3=profile/email

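The mapping rule that this accepted answer and Sham's `officialemail=profile/email` reply below both describe, worked through as an added example that is not part of the thread and is not AEM's own code. The script parses the AttributeStatement posted above and applies Synchronized Attributes style entries to it. It assumes that each entry has the form `<SAML attribute Name>=<path relative to the user node>` and that the handler matches on the Attribute's `Name` (here the OID), not on `FriendlyName`, which is why `mail=profile/email` yields nothing for this assertion while the OID entry yields `profile/email`. The user path, the helper names and the extra `givenName` entry are illustrative assumptions.

```python
"""Apply Synchronized Attributes style mappings to a SAML AttributeStatement.

Added example; not code from the thread or from AEM. Entries are
"<SAML attribute Name>=<relative JCR path under the user node>" (assumption).
"""
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed copy of the AttributeStatement posted in the thread, wrapped in an
# Assertion element that declares the saml2 namespace so it parses stand-alone.
ASSERTION_XML = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute FriendlyName="uid" Name="uid"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xsi:type="xs:string">user.2</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xsi:type="xs:string">user.2@maildomain.net</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute FriendlyName="group" Name="group"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xsi:type="xs:string">administrators</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""


def extract_attributes(assertion_xml):
    """Return {Attribute Name: [values]} keyed by Name, never by FriendlyName."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml2:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def parse_mappings(entries):
    """Parse "samlName=relative/path" entries; drop malformed or traversing paths."""
    mappings = []
    for entry in entries:
        if "=" not in entry:
            continue
        saml_name, jcr_path = entry.split("=", 1)
        saml_name, jcr_path = saml_name.strip(), jcr_path.strip().strip("/")
        if saml_name and jcr_path and ".." not in jcr_path.split("/"):
            mappings.append((saml_name, jcr_path))
    return mappings


def synchronize(attrs, entries, user_path="/home/users/u/user.2"):
    """Return {absolute property path: value} for every mapping whose SAML Name
    appears in the (already signature-verified) assertion. user_path is an
    illustrative assumption; the thread's instance stores users by first letter.
    Multi-valued attributes are kept as a list, single values as a string."""
    props = {}
    for saml_name, jcr_path in parse_mappings(entries):
        values = attrs.get(saml_name)
        if not values:
            continue  # no Attribute with that Name: nothing is written, no profile node
        props[f"{user_path}/{jcr_path}"] = values[0] if len(values) == 1 else values
    return props


if __name__ == "__main__":
    attrs = extract_attributes(ASSERTION_XML)
    # FriendlyName-based entry from the thread: matches nothing.
    print(synchronize(attrs, ["mail=profile/email"]))
    # Name-based entry from the accepted answer, plus a givenName entry that is
    # absent from this assertion and therefore silently skipped.
    print(synchronize(attrs, ["urn:oid:0.9.2342.19200300.100.1.3=profile/email",
                              "givenName=profile/givenName"]))
```

Run this only against an assertion whose signature and audience have already been checked by the handler: the values are identity-provider input and, once written under /home/users, shape what the user can do. Note also that the `group` attribute carrying `administrators` is not touched by this property mapping at all; turning an identity-provider group value into an AEM group membership is governed by the handler's separate group-membership settings and deserves its own review.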

10 Replies


Level 10

Assume saml attribute name for email is officialemail & want to map to cq email.  The syntax would be officialemail=profile/email


Employee

Hi Sham, 

I have a query related to the same thread.

I have users saved in the path as 

/home/users/a/

where a represents the first letter of the email address.

How do I save other properties for this user, like name and surname, using synchronized attributes?

\Amit


Level 2

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.


Level 10

Amit sharma wrote...

Hi Sham, 

I have a query related to the same thread.

I have users saved in the path as 

/home/users/a/

where a represents the first letter of the email address.

How do I save other properties for this user, like name and surname, using synchronized attributes?

\Amit

You need to map the synchronized attribute in the Felix console as shown at [img]https://helpx.adobe.com/experience-manager/kb/saml-demo/_jcr_content/main-pars/image_18.img.png/Logo...


Level 10

MorisTM wrote...

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.


In the saml response do you see the mail attribute? 


Level 2

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>



Level 2

Did you get any reply to this post? I am looking for the same thing.


Community Advisor

Hi @divyat29882083 ,

Have you gone through these KB articles? I hope they are helpful.

  1. https://helpx.adobe.com/in/experience-manager/kb/saml-demo.html
  2. https://www.bounteous.com/insights/2018/09/24/single-sign-sso-integration-okta-aem-63/?lang=en-ca

[image: SAML_SyncAttributes.JPG]

Synchronized Attributes: These are the attribute mappings configured in the Okta application. The attribute values are passed to AEM in the SAML assertion of the SAML response.

Regards,

Santosh