New Participant

Solved

SAML Synchronized Attributes

Forum|Forum|10 years ago
October 16, 2015
10 replies
5496 views

Any documentation or examples on how to use the new property "Synchronized Attributes (~synchronizeAttributes)" ?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Sham_HC

MorisTM wrote...

Yes I see the following:

<saml2:AttributeStatement> <saml2:Attribute FriendlyName="uid" Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >user.2</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >user.2@maildomain.net</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute FriendlyName="group" Name="group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >administrators</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement>

For your settings try with [1] or configure saml to have predifined name rather than dynamic.

[1] urn:oid:0.9.2342.19200300.100.1.3=profile/email

santhosh_kumark

New Participant

Hi @divyatyagi ,

Have you gone through this kb article, hope it would be helpful.

Synchronized Attributes: These are the attribute mappings configured in the Okta application. The attribute values will be passed through SAML response to AEM during the SAML assertion.

Regards,

Santosh

D

DivyaTyagi

New Participant

Did you get any reply for this post? I am seeking for same.

Sham_HC

New Participant

Assume saml attribute name for email is officialemail & want to map to cq email. The syntax would be officialemail=profile/email

A

AmitSh5

Employee

Hi Sham,

I have query related to same thread.

I have users saved in the path as

/home/users/a/

where a represt first letter of email address.

how do I save other properties for this user like name and surname .. using synchronized attributes.

\Amit

M

MorisTMAuthor

New Participant

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

Sham_HC

New Participant

Amit sharma wrote...

Hi Sham,

I have query related to same thread.

I have users saved in the path as

/home/users/a/

where a represt first letter of email address.

how do I save other properties for this user like name and surname .. using synchronized attributes.

\Amit

You need to map syncronize attribute in felix console as shown at [img]https://helpx.adobe.com/experience-manager/kb/saml-demo/_jcr_content/main-pars/image_18.img.png/Logout.png[/img]

Sham_HC

New Participant

MorisTM wrote...

Thanks, I gave that a go, mine being mail=profile/email

The rep:User node is being created, but the profile node is not.

This is on a Publish instance.

In the saml response do you see the mail attribute?

M

MorisTMAuthor

New Participant

Yes I see the following:

        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                             Name="uid"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                             Name="urn:oid:0.9.2342.19200300.100.1.3"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >user.2@maildomain.net</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="group"
                             Name="group"
                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                             >
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                      xsi:type="xs:string"
                                      >administrators</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>

Sham_HCAccepted solution

New Participant

MorisTM wrote...

Yes I see the following:

<saml2:AttributeStatement> <saml2:Attribute FriendlyName="uid" Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >user.2</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >user.2@maildomain.net</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute FriendlyName="group" Name="group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" >administrators</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement>

For your settings try with [1] or configure saml to have predifined name rather than dynamic.

[1] urn:oid:0.9.2342.19200300.100.1.3=profile/email

M

MorisTMAuthor

New Participant

Working now. Thanks Sham!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded