SAML Attribute Mapping in Actions

Last Updated: Aug 28, 2024

Overview

This article explains how to set SAML attribute mappings in Actions.

With Rules, the mappings can be set as in the following example:

function mapSamlAttributes(user, context, callback) {
  context.samlConfiguration.mappings = {
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "user_id",
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress":   "email",
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name":           "name",
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/food":           "user_metadata.favorite_food",
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/address":        "app_metadata.shipping_address"
  };

  callback(null, user, context);
}

Applies To

  • Actions

Solution

Use "api.samlResponse.setAttribute(attribute, value)" to set SAML attributes in a login Action, as documented in Actions Triggers: post-login - API Object.

For example, given the following in a Rule:

context.samlConfiguration.mappings = {
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "user_id"
};

Make the following call in the Action instead:

api.samlResponse.setAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier', event.user.user_id);
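An added example (not from the original article and not Auth0's own code) that carries all five mappings from the rule above over to a post-login Action. The helper names resolvePath and applySamlMappings are hypothetical, and skipping attributes whose source property is missing on the user is an assumption of this example.

```javascript
// Rule-style mappings copied from the rule shown on this page:
// SAML attribute name -> user profile property (dotted path).
const CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/";
const RULE_MAPPINGS = {
  [CLAIMS + "nameidentifier"]: "user_id",
  [CLAIMS + "emailaddress"]: "email",
  [CLAIMS + "name"]: "name",
  [CLAIMS + "food"]: "user_metadata.favorite_food",
  [CLAIMS + "address"]: "app_metadata.shipping_address",
};

// Hypothetical helper: resolve a dotted path such as "user_metadata.favorite_food"
// against event.user. Only own properties are followed, so a path can never
// reach inherited members like "constructor".
function resolvePath(user, path) {
  return path.split(".").reduce((node, key) => {
    const isObject = node !== null && typeof node === "object";
    return isObject && Object.prototype.hasOwnProperty.call(node, key)
      ? node[key]
      : undefined;
  }, user);
}

// Hypothetical helper: Rules took a property *name*; Actions take the *value*,
// so each mapping is resolved here and passed to api.samlResponse.setAttribute.
// Returns the attribute names that were actually set.
function applySamlMappings(event, api, mappings = RULE_MAPPINGS) {
  const applied = [];
  for (const [attribute, path] of Object.entries(mappings)) {
    const value = resolvePath(event.user, path);
    if (value === undefined || value === null) continue; // assumption: omit, do not send empty
    api.samlResponse.setAttribute(attribute, value);
    applied.push(attribute);
  }
  return applied;
}

// Post-login Action entry point.
const onExecutePostLogin = async (event, api) => {
  applySamlMappings(event, api);
};

// Auth0 loads the handler from exports; the guard lets the file run elsewhere too.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```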
