Debugging mapping for a SAMLp identity provider

The service we are working on is integrating with a SAMLP provider.
The integration works fine when pressing the play button to “Try” the integration.
However, the user profile shown contains a lot of attributes that have cryptic names like “urn:oid:2:5:4:4”. We would like to use the “Mappings” setting to specify that “urn:oid:2:5:4:4” should be mapped to “family_name”.

I created a test mapping that contains the following key/value pair:

{
  ...other attributes,
  "family_name": "urn:oid:2:5:4:4"
}

However when going to the “Rules” page and clicking “Try all rules with…” and then choosing the SAMLP provider in question, we end up with the same end profile. In other words the expected attribute “urn:oid:2:5:4:4” has not been mapped to “family_name”.

What could be going wrong?
Is there some way I can debug what the value of the “incoming_saml_attribute” in the mapping should be?

1 Like

Are you able to share the SAMLResponse from the identity provider? It would be useful to see the full assertion.