March 5, 2021 at 2:54 pm #28473 someswara.reddy.karem (Participant)
I have configured OpenAM 188.8.131.52 as a Service Provider (SP) with SP-initiated SSO (integrated mode), configured just-in-time provisioning as mentioned in the articles below, and configured the SAML2 authentication module and linked it to a SAML2 chain.
SAML attribute map: I configured the attribute mapper as below to map SAML attributes to local OpenDJ profile attributes.
The SSO flow is working as expected and creates the profile dynamically.
Issue: However, OpenAM doesn't update a dynamically created user's attributes if they are updated in the Identity Provider. For example, userRole will change from time to time for users, but role changes will not be updated in OpenDJ.
In order to fix this issue, I created a Scripted authentication module (Script-type: Server-side authentication) to read the SAML attributes and then update them in the OpenDJ repository. I added this module to a chain.
However, I’m unable to read SAML attributes/claim values in the Scripted authentication module using either session or sharedState.
var userRole = sharedState.get("userRole");
var userRoleFromSession = session.getProperty("userRole");
Can you please guide me on how to read attribute/claim values from the SAML assertion in a Scripted module?
Thanks for your support.