SAML Attribute Mapping in Actions

Problem statement

How do you set SAML attribute mappings in actions?

For example, with rules you can set them per the following example:

function mapSamlAttributes(user, context, callback) {
  context.samlConfiguration.mappings = {
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "user_id",
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress":   "email",
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name":           "name",
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/food":           "user_metadata.favorite_food",
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/address":        "app_metadata.shipping_address"
  };

  callback(null, user, context);
}

Solution

You can use api.samlResponse.setAttribute(attribute, value) to set SAML attributes in a post-login Action, as documented here: Actions Triggers: post-login - API Object.

For example, if you had the following in your rule:

  context.samlConfiguration.mappings = {
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "user_id"
  }

In the Action, you would instead call:

api.samlResponse.setAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier', event.user.user_id);