I have successfully set up SAML SSO for a web application using Azure AD. However, I cannot seem to get any variables from the AD connection other than SAML_ID.
I'm on 4.01.
My Azure SAML connection has the following items set up:
Attributes & Claims
  givenname               user.givenname
  surname                 user.surname
  emailaddress            user.mail
  name                    user.userprincipalname
  Unique User Identifier  user.userprincipalname

Required claim
  Claim name | Conditions | Type | Value
  Unique User Identifier (Name ID) | 0 | SAML | user.userprincipalname [nameid-format:emailAddress]

Additional claims
  Claim name | Conditions | Type | Value
  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | 0 | SAML | user.mail
  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | 0 | SAML | user.givenname
  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0 | SAML | user.userprincipalname
  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | 0 | SAML | user.surname

Advanced SAML claims options
  Include attribute name format: Enabled
  Issuer with application ID: Disabled
  Audience override: None
The documentation says:
These user-specific attributes are encoded in the SAML token returned from the IdP. Genero decodes them and puts them in environment variables prefixed with SAML_.
To retrieve the user-specific SAML attributes returned by the IdP in your Genero application, add a fgl_getenv() call for each attribute.
I have tried fgl_getenv("SAML_mail"), fgl_getenv("SAML_emailaddress") and fgl_getenv("SAML_surname"), to no avail.
My .xcf has the following in the Execution parameters:
  <DELEGATE service="services/SAMLServiceProvider">
    <IDFORMAT>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</IDFORMAT>
  </DELEGATE>
In the future, I want to be able to grab the department name (by adding it on the azure side).
I feel it is something mundane I am missing since the SAML_ID works.
Thanks in advance.
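As an added diagnostic example, not part of the original post and not Genero code: the first thing to establish in a case like this is which attribute names the IdP actually put into the SAML token, because Azure AD sends the full claim URIs shown above (http://schemas.xmlsoap.org/.../claims/surname) rather than the short labels, and whatever the SP derives its SAML_ variable names from, it can only work from those strings. The script below base64-decodes a SAMLResponse as delivered by the HTTP-POST binding and lists the NameID format plus every attribute Name, NameFormat and value. The sample response embedded in it is constructed (unsigned, no timestamps, no Conditions) from the claims listed in the post; the department claim URI in it is a made-up placeholder, since the post says that claim has not been added yet. The `short_name` helper is only a guess at how a URI claim might be shortened and is not a statement of how Genero maps attributes. The script reads the token without checking the XML signature, so it is for looking at a captured response during troubleshooting only; a real service provider must verify the signature before trusting any of these values.

```python
"""Decode a SAMLResponse and list the attributes the IdP actually sent.

Added diagnostic example (not from the original post, not Genero code).
It does NOT verify the XML signature; use it only to inspect captured tokens.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed, unsigned sample built from the claims configured in the post.
# The department claim URI is a placeholder; Azure AD responses are signed and longer.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <saml:Assertion ID="_assert1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>Doe</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
                      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://claims.example.invalid/department">
        <saml:AttributeValue>Engineering</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def encode_for_post(xml_text: str) -> str:
    """Encode XML the way the HTTP-POST binding carries it in the SAMLResponse field."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def decode_saml_response(encoded: str) -> str:
    """Base64-decode a captured SAMLResponse form value back to XML text."""
    return base64.b64decode(encoded).decode("utf-8")


def name_id(xml_text: str):
    """Return (Format, value) of the subject NameID, or (None, None) if absent."""
    root = ET.fromstring(xml_text)
    el = root.find(".//saml:Subject/saml:NameID", NS)
    if el is None:
        return None, None
    return el.get("Format"), (el.text or "").strip()


def list_attributes(xml_text: str) -> dict:
    """Map each attribute Name, exactly as sent, to (NameFormat, [values]).

    Multi-valued attributes (several AttributeValue children) are kept as a list.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = (attr.get("NameFormat"), values)
    return attrs


def short_name(attribute_name: str) -> str:
    """Last path segment of a URI-style claim name (a guess, not Genero's rule)."""
    return attribute_name.rstrip("/").rsplit("/", 1)[-1]


def report(xml_text: str) -> list:
    """Human-readable lines: NameID first, then one line per attribute."""
    fmt, value = name_id(xml_text)
    lines = [f"NameID ({fmt}): {value}"]
    for name, (name_format, values) in list_attributes(xml_text).items():
        lines.append(f"{name} [format={name_format}, short={short_name(name)}] = {values}")
    return lines


if __name__ == "__main__":
    # Round-trip the constructed sample through the POST encoding and print what was sent.
    for line in report(decode_saml_response(encode_for_post(SAMPLE_RESPONSE))):
        print(line)
```

To use it on a real login, paste the SAMLResponse value captured from the browser's POST to the SP (for example from the developer tools network tab) into `decode_saml_response`; the exact strings it prints are the only names the SP could possibly be keying its SAML_ variables on, which narrows down whether the problem is the attribute name, the name format setting, or something on the SP side.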