Author Topic: SAML variables  (Read 1720 times)
Paul M.
Posts: 16


« on: June 18, 2024, 10:30:21 pm »

I have successfully set up SAML SSO for a web application using Azure AD. However, I cannot seem to get any variables from the AD connection other than SAML_ID.
I'm on 4.01.

My AZURE SAML connection has the following items set up.
Attributes & Claims
givenname                    user.givenname
surname                        user.surname
emailaddress                 user.mail
name                             user.userprincipalname
Unique User Identifier   user.userprincipalname

Required Claim
Claim name                                                                  Conditions   Type   Value
Unique User Identifier (Name ID)                                            0            SAML   user.userprincipalname [nameid-format:emailAddress]

Additional claims
Claim name                                                                  Conditions   Type   Value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress          0            SAML   user.mail
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname             0            SAML   user.givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name                  0            SAML   user.userprincipalname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname               0            SAML   user.surname

Advanced SAML claims options
Include attribute name format   Enabled
Issuer with application ID          Disabled
Audience override                      None


The documentation says:
These user-specific attributes are encoded in the SAML token returned from the IdP. Genero decodes them and puts them in environment variables prefixed with SAML_.
To retrieve the user-specific SAML attributes returned by the IdP in your Genero application, add a fgl_getenv() call for each attribute.

I have tried fgl_getenv("SAML_mail"), "SAML_emailaddress", "SAML_surname" to no avail.

my .xcf has the following:

    <DELEGATE service="services/SAMLServiceProvider">
        <IDFORMAT>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</IDFORMAT>
    </DELEGATE>
in the Execution parameters.

In the future, I want to be able to grab the department name (by adding it on the azure side).

I feel it is something mundane I am missing since the SAML_ID works.


Thanks in advance.


Paul M.
Posts: 16


« Reply #1 on: June 20, 2024, 09:27:56 pm »

In case anyone else was beating their heads against a wall...

I figured it out. The additional claims were not being read correctly. The claims need to be added manually.

I clicked on "Add new claim":
I set:
Name: department
Namespace: left blank
Source: Attribute
Source attribute: user.Department

I received a SAML_DEPARTMENT (yes, all caps) value of "Information Technology".

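The pattern the two posts describe, as an added example that is not part of the original thread and not Genero's own code: the IdP puts user attributes in the assertion's AttributeStatement, and the service provider turns each claim into a SAML_-prefixed environment variable. The observation in the reply (a claim named "department" with a blank namespace showed up as SAML_DEPARTMENT, while the default Azure claims with their full http://schemas.xmlsoap.org/... names did not show up at all) is what this script models. The mapping rule it uses, uppercase the claim Name and only accept names that form a legal environment-variable identifier, is an assumption made for illustration; the page does not document Genero's actual rule, and the sample assertion below is constructed, not a real Azure AD token.

```python
"""Map SAML attribute claims to SAML_-prefixed environment variable names.

Added example, not code from the forum post or from Genero. The mapping
rule (uppercase the claim Name, accept only legal identifiers) is an
ASSUMPTION chosen to reproduce what the reply observed: "department" ->
SAML_DEPARTMENT, while URI-style Azure claim names produce nothing.
"""
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# A claim name is only usable if "SAML_" + NAME is a legal env var name.
# URI-style names (http://schemas.xmlsoap.org/...) contain ':' and '/'
# and therefore never qualify.
ENV_NAME_RE = re.compile(r"^[A-Z_][A-Z0-9_]*$")

# Constructed sample assertion (NOT a real Azure AD token, unsigned).
# It carries two of the default Azure claims with their full URI names
# plus the manually added "department" claim with a blank namespace.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-example" Version="2.0">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">paul@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>paul@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Paul</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="department">
      <saml:AttributeValue>Information Technology</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def parse_attributes(assertion_xml):
    """Return (NameID, {claim name: [values]}) from an assertion.

    No signature, issuer, audience or validity-window check is done here:
    this only demonstrates the attribute-to-variable naming.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=SAML_NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values
    return name_id, attrs


def env_name(claim_name):
    """Assumed rule: 'SAML_' + uppercase(Name); None if that is not a legal identifier."""
    candidate = "SAML_" + claim_name.upper()
    return candidate if ENV_NAME_RE.match(candidate) else None


def claims_to_env(assertion_xml):
    """Return (env dict, list of claim names that could not be mapped).

    SAML_ID holds the NameID, the one variable the original post saw working.
    Multi-valued claims are joined with ';' (separator is an assumption).
    """
    name_id, attrs = parse_attributes(assertion_xml)
    env = {"SAML_ID": name_id}
    skipped = []
    for name, values in attrs.items():
        var = env_name(name)
        if var is None:
            skipped.append(name)
            continue
        env[var] = ";".join(values)
    return env, skipped


if __name__ == "__main__":
    variables, unmapped = claims_to_env(SAMPLE_ASSERTION)
    for var, value in variables.items():
        print(f"{var}={value}")
    for name in unmapped:
        print(f"not mapped (not a legal variable name): {name}")
```

Running it prints SAML_ID and SAML_DEPARTMENT and lists the two URI-named claims as unmapped, which matches what the thread saw: the default Azure claims carry a namespace prefix that cannot become a variable name, whereas a claim added with the Namespace field left blank is just "department". Two caveats for anyone reusing this outside a demo: attribute values must only be trusted after the assertion's XML signature, Issuer, Audience and NotBefore/NotOnOrAfter have been validated (this script skips all of that), and untrusted XML should be parsed with a hardened parser such as defusedxml rather than xml.etree. The fixed SAML_ prefix also matters for safety: it keeps an IdP-chosen claim name from overwriting an unrelated variable such as PATH.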
