SAML addon mapping skipping duplicated attributes

Problem statement

Our SAML addon configuration is like this:

{
  "mappings": {
    "given_name": "First Name",
    "family_name": "Last Name",
    "email": "Email",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier""
  },
  "passthroughClaimsWithNoMapping": false,
  "createUpnClaim": false,
  "mapIdentities": false
}

However, we are not getting the Email attribute. It seems like the same email attribute cannot be mapped to different SAML Attributes twice.

Cause

This is a limitation of the SAML Addon, it automatically clears the duplicated email entry upon saving. However,

Solution

You can map the same attribute multiple times through a Rule.

function mapSamlAttributes(user, context, callback) {
if(context.clientID === 'YOUR_CLIENT_ID_HERE') {
context.samlConfiguration.mappings = {
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier':
      'email',
    'Email':
      'email',
    'First Name': 'given_name',
    'Last Name': 'family_name',
    'RoleID' : 'groups'
  };
  context.samlConfiguration.passthroughClaimsWithNoMapping = false;
  context.samlConfiguration.createUpnClaim = false;
  context.samlConfiguration.mapIdentities = false;
}

  callback(null, user, context);
}