I’m attempting to connect to a SAML identity provider that uses the Shibboleth system.
Happily, I’ve managed to actually connect, and I can map some of the attributes to my user profile. Hooray! For example, I’ve got a setting like:
user ID attribute: urn:oid:0.9.2342.19200300.100.1.1
and User mappings like:
{ "email": "urn:oid:0.9.2342.19200300.100.1.3",
  "given_name": "urn:oid:2.5.4.42",
  "family_name": "urn:oid:2.5.4.4",
  "groups": "urn:oid:memberOf"
}
However, I don’t seem able to access all the user attributes that I’ve been provided names for. I’ve been given an XML file with mappings, and only a few of them work.
I have only the flimsiest understanding of all this (which is why I’m trying Auth0 in the first place), but my GUESS is that I need to be requesting more information from the identity provider; there’s this mysterious “request template” field which is empty, and might be relevant?
For example, one field indicated in my attribute map XML file is:
<Attribute name="urn:mace:dir:attribute-def:uid" id="SHIB_USERID"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="SHIB_USERID"/>
but this attribute doesn’t show up in the user raw JSON, and doesn’t map when I put either version in.
Only the SAML 2.0 ones (the ones with oid:) seem to work.
Can anyone shed some light on this?
(Also, unrelated question: is there a quick Rule that can set name = family_name + given name?)