Problem statement
Our SAML addon configuration is like this:
{
  "mappings": {
    "given_name": "First Name",
    "family_name": "Last Name",
    "email": "Email",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
  },
  "passthroughClaimsWithNoMapping": false,
  "createUpnClaim": false,
  "mapIdentities": false
}
However, we are not getting the Email attribute. It seems that the same email attribute cannot be mapped to two different SAML attributes.
Cause
This is a limitation of the SAML Addon: it automatically clears the duplicated email entry upon saving. However,
Solution
You can map the same attribute multiple times through a Rule.
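function mapSamlAttributes(user, context, callback) {
  // Apply the mapping only to the SAML application with this client ID.
  if (context.clientID === 'YOUR_CLIENT_ID_HERE') {
    // In a Rule the SAML attribute name is the key and the user profile
    // attribute is the value, so 'email' can be used for more than one entry.
    context.samlConfiguration.mappings = {
      'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier': 'email',
      'Email': 'email',
      'First Name': 'given_name',
      'Last Name': 'family_name',
      'RoleID': 'groups'
    };
    // Same values as the Addon settings shown in the problem statement.
    context.samlConfiguration.passthroughClaimsWithNoMapping = false;
    context.samlConfiguration.createUpnClaim = false;
    context.samlConfiguration.mapIdentities = false;
  }
  callback(null, user, context);
}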
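As an added example (not part of the original article and not Auth0 code), the JavaScript below shows why the Addon form of the mapping cannot hold the email attribute twice while the Rule form can: a JSON object keeps one value per key, and the Rule uses the SAML attribute name as the key. findDuplicateKeys and toRuleMappings are hypothetical helper names, and using JSON.parse to illustrate the dropped entry is an assumption about the cause, not something the article states.

```javascript
// Added example, not Auth0 code. The settings text is the page's Addon
// configuration with the stray quote removed.
const ADDON_SETTINGS = `{
  "mappings": {
    "given_name": "First Name",
    "family_name": "Last Name",
    "email": "Email",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
  },
  "passthroughClaimsWithNoMapping": false
}`;

// Returns keys that occur more than once inside the same JSON object.
// JSON.parse cannot report them: it silently keeps the last value.
function findDuplicateKeys(jsonText) {
  const duplicates = [];
  const stack = []; // a Set of seen keys per open object, null per open array
  const stringRe = /"(?:[^"\\]|\\.)*"/y;
  const colonRe = /\s*:/y;
  let i = 0;
  while (i < jsonText.length) {
    const ch = jsonText[i];
    if (ch === '{' || ch === '[') { stack.push(ch === '{' ? new Set() : null); i++; continue; }
    if (ch === '}' || ch === ']') { stack.pop(); i++; continue; }
    if (ch !== '"') { i++; continue; }
    stringRe.lastIndex = i;
    const match = stringRe.exec(jsonText);
    if (!match) throw new SyntaxError('unterminated string at offset ' + i);
    i = colonRe.lastIndex = stringRe.lastIndex;
    const seen = stack[stack.length - 1];
    if (seen && colonRe.test(jsonText)) { // a string followed by ':' is a key
      const key = JSON.parse(match[0]);
      if (seen.has(key)) duplicates.push(key);
      seen.add(key);
    }
  }
  return duplicates;
}

// Inverts [profileAttribute, samlAttributeName] pairs into the shape the Rule
// assigns to context.samlConfiguration.mappings, where the SAML name is the key.
function toRuleMappings(pairs) {
  const mappings = new Map();
  for (const [profileAttr, samlName] of pairs) {
    if (mappings.has(samlName)) throw new Error('SAML attribute mapped twice: ' + samlName);
    mappings.set(samlName, profileAttr);
  }
  return Object.fromEntries(mappings);
}
```

Running findDuplicateKeys over the settings text before saving it flags the entry that would be lost, and toRuleMappings rejects the one collision that still matters in a Rule: two profile attributes assigned to the same SAML attribute name.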