Update a dynamically created users attributes if they are updated in IDP

This topic has 0 replies, 1 voice, and was last updated 1 month, 2 weeks ago by someswara.reddy.karem.

  • Author
    Posts
  • #28473

    Hi All,

    I have configured OpenAM 6.5.2.1 as a Service Provider (SP), SP initiated SSO (integrated mode) and configured Just-in-time provisioning as mentioned in the below articles, and configured the SAML2 authentication module and linked to a SAML2 chain.

    https://backstage.forgerock.com/docs/am/6.5/saml2-guide/#saml2-create-hosted-sp
    https://backstage.forgerock.com/docs/am/5.5/saml2-guide/index.html#saml2-integrated-mode-sso

    SAML attribute Map : I configured attribute mapper as the below to map SAML attributes to local OpenDJ profile attributes.

    userName=uid
    firstName=cn
    lastName=sn
    userRole=userRole

    SSO flow is working as expected and creating profile dynamically.

    Issue: However OpenAM doesn’t update a dynamically created users attributes if they are updated in Identity Provider. For example, userRole will be changed time-to-time for users, however role changes will not be updated in OpenDJ.

    In order to fix this issue, I created a Scripted authentication module (Script-type: Server-side authentication) to read SAML attributes and then update in OpenDJ repository. I added this module to a chain.

    However, I’m unable to read SAML attributes/claim values in the Scripted authentication module using either session or sharedState.

    var userRole = sharedState.get(“userRole”);
    or
    var userRoleFromSession = session.getProperty(“userRole”);

    Can you please guide me how to read attribute/claim values from SAML assertion in Scripted module?

    Thanks for your support.

    Best Regards
    Som

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?