Wrong attributeMappings in SAML? #1249

Closed
giva01121 opened this issue Mar 31, 2020 · 3 comments · Fixed by #2908
Labels
closed due to age Close issue or PR soon because no reaction unscheduled

Comments

giva01121 commented Mar 31, 2020

Hello, I want to use AttributeMappings and map the incoming SAML information to the UAA attributes. Unfortunately, the mapping section is not respected. No matter what I put, after redeploying CF the values retrieved from uaac user get name are not changing.

What version of UAA are you running?

app version":"74.13.0"

How are you deploying the UAA?

I am deploying the UAA

  • using a bosh release I downloaded from bosh.io

What did you do?

I'm using an ops file to add the attributes:

# add SIT Azure AD SAML provider
#
- type: replace
  path: /instance_groups/name=uaa/jobs/name=uaa/properties/login/saml/providers?/
  value:
    nameID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    idpMetadata:
    showSamlLoginLink: true
    linkText: Log in with IDP
    metadataTrustCheck: false
    attributeMappings:
      given_name: givenname
      family_name: surname
      email: emailaddress
    groupMappingMode : AS_SCOPES

What did you expect to see? What goal are you trying to achieve with the UAA?

I'm expecting to see:

~:$ uaac user get [email protected]
  name: John
    familyname: Doe
    givenname: John Doe
  emails: [email protected]

What did you see instead?

~:$ uaac user get [email protected]
  name
    familyname: example.com
    givenname: John.Doe
  emails: 

Please include UAA logs if available.

@cf-gitbot

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/172076402

The labels on this github issue will be updated when the story is started.

Member

strehle commented Oct 22, 2023

Is this still an issue? For Azure integration I recommend using the OIDC v2 integration, e.g.
https://learn.microsoft.com/en-us/azure/active-directory/develop/optional-claims-reference
because there the names and mappings are clear.

strehle linked a pull request Dec 5, 2024 that will close this issue

strehle commented Dec 5, 2024

Tested with Azure after #2908, no issue found.
