Tagged: #OpenAM, JIT, saml2, scripted-module
This topic has 0 replies, 1 voice, and was last updated 1 month, 2 weeks ago by someswara.reddy.karem.
March 5, 2021 at 2:54 pm #28473
someswara.reddy.karem (Participant)
Hi All,
I have configured OpenAM 6.5.2.1 as a Service Provider (SP), SP initiated SSO (integrated mode) and configured Just-in-time provisioning as mentioned in the below articles, and configured the SAML2 authentication module and linked to a SAML2 chain.
https://backstage.forgerock.com/docs/am/6.5/saml2-guide/#saml2-create-hosted-sp
https://backstage.forgerock.com/docs/am/5.5/saml2-guide/index.html#saml2-integrated-mode-sso
SAML attribute map: I configured the attribute mapper as below to map SAML attributes to local OpenDJ profile attributes.
userName=uid
firstName=cn
lastName=sn
userRole=userRole
SSO flow is working as expected and creating the profile dynamically.
Issue: However, OpenAM doesn't update a dynamically created user's attributes if they are updated in the Identity Provider. For example, userRole will be changed from time to time for users, but role changes will not be updated in OpenDJ.
In order to fix this issue, I created a Scripted authentication module (Script-type: Server-side authentication) to read SAML attributes and then update in OpenDJ repository. I added this module to a chain.
However, I'm unable to read SAML attribute/claim values in the Scripted authentication module using either session or sharedState:
var userRole = sharedState.get("userRole");
or
var userRoleFromSession = session.getProperty("userRole");
Can you please guide me on how to read attribute/claim values from the SAML assertion in a Scripted module?
Thanks for your support.
Best Regards
Som
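The post does not say where the SAML2 module exposes assertion attributes to a script, and no reply on the page answers that. What the poster's sync step has to do once it has them is independent of that binding, so the following is an added example (not from the post and not ForgeRock code) of that logic: parse the AttributeStatement of a SAML 2.0 assertion, apply the post's attribute map (userName=uid, firstName=cn, lastName=sn, userRole=userRole), and compute which local attributes an update-on-later-login step should write. The assertion, the attribute values and the allow-list of updatable attributes are all constructed here; the allow-list (uid excluded, unmapped IdP attributes dropped) is this example's own design choice so that an IdP-supplied attribute can only ever change the profile fields the SP has decided it may.

```python
"""Added example: SAML attribute extraction plus a guarded JIT profile sync plan.
Constructed for illustration; not the forum poster's script and not AM code."""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute map exactly as configured in the post (SAML name -> OpenDJ attribute).
ATTRIBUTE_MAP = {
    "userName": "uid",
    "firstName": "cn",
    "lastName": "sn",
    "userRole": "userRole",
}

# Attributes the IdP may change on later logins (example allow-list, an assumption
# of this example). uid is the profile key and is deliberately excluded; anything
# not listed is ignored rather than written.
UPDATABLE = {"cn", "sn", "userRole"}

# Constructed sample assertion (not a real IdP response); signature omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2021-03-05T14:54:00Z">
  <saml:Issuer>https://idp.example.test/idp</saml:Issuer>
  <saml:Subject><saml:NameID>som</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="userName"><saml:AttributeValue>som</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Som</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Karem</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="userRole">
      <saml:AttributeValue>admin</saml:AttributeValue>
      <saml:AttributeValue>auditor</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>som@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_attributes(assertion_xml):
    """Return {saml_attribute_name: [values...]} from every AttributeStatement.
    Multi-valued attributes (such as userRole above) keep all their values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(name, []).extend(values)
    return attrs


def map_to_profile(saml_attrs, attribute_map=ATTRIBUTE_MAP):
    """Apply the SAML -> local attribute map; SAML attributes with no mapping
    (here: mail) never reach the profile."""
    profile = {}
    for saml_name, local_name in attribute_map.items():
        if saml_name in saml_attrs:
            profile[local_name] = sorted(saml_attrs[saml_name])
    return profile


def plan_update(existing_profile, mapped, updatable=UPDATABLE):
    """Writes a post-JIT sync step should make on a later login: only allow-listed
    attributes whose value set differs from what the repository already holds."""
    writes = {}
    for local_name, values in mapped.items():
        if local_name not in updatable:
            continue
        if sorted(existing_profile.get(local_name, [])) != values:
            writes[local_name] = values
    return writes


if __name__ == "__main__":
    mapped = map_to_profile(parse_attributes(SAMPLE_ASSERTION))
    # Profile as created by the first JIT login, before the IdP changed the role.
    existing = {"uid": ["som"], "cn": ["Som"], "sn": ["Karem"], "userRole": ["user"]}
    print(plan_update(existing, mapped))
```

Only the planned writes (here the changed userRole) would then be handed to the repository; in an AM scripted module that call goes through the module's identity-repository binding, which this example deliberately does not model. Computing the diff before writing also gives a natural place to log attribute changes, which is the audit trail you want when role membership is being driven by an external IdP.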