Reputation: 11663
I am using Okta as IDP and I have configured the user attribute statements and group attribute statements like this
And by providing a custom samluserdetails I am able to retrieve user attributes but not group attributes.
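    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.security.saml.SAMLCredential;
    import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

    public class CustomSamlUserDetails implements SAMLUserDetailsService {
        @Override
        public Object loadUserBySAML(SAMLCredential cred) throws UsernameNotFoundException {
            // User attribute statements from the assertion
            AppUser user = new AppUser();
            user.setFirstName(cred.getAttributeAsString("firstName"));
            user.setLastName(cred.getAttributeAsString("lastName"));
            user.setLoginId(cred.getAttributeAsString("loginId"));
            // Group attribute statement
            String groupname = cred.getAttributeAsString("role"); // comes null
            return user;
        }
    }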
Is there some config I missed or am I retrieving the group info in a wrong way?
EDIT:
If I use the contains filter with some characters: for example, I have 3 groups test1, test2 and other1.
If I use the contains filter *, I get null.
However, if I use the contains filter with test, I get test1 (and test2, if the user is part of both groups).
Is the wildcard not supported in the case of groups?
What if in the above case the user was part of all 3 groups?
Upvotes: 0
Views: 1789
Reputation: 116
I am not an expert in Okta, but I started working with it a couple of weeks ago for one of my clients. I tested with * but it only worked for me for the Regex filter. For other filters I never succeeded with *. For example, the configuration without * worked perfectly for me.
I used the code String str = credential.getAttributeAsString("Groups");
But I have one issue: when I have more than one group I still get only one group. I want to have a list of groups instead.
EDIT - 06 Feb
Finally I retested and I am able to implement a wildcard entry with regex. I used the regex filter:
In Java I got the groups as you suggested:

    String[] str = credential.getAttributeAsStringArray("groups");
    for (int i = 0; i < str.length; i++) {
        System.out.println(str[i]);
    }

The result is:
Have a great day
Upvotes: 2
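An added example, not part of either post above: a `SAMLUserDetailsService` that reads every value of the group attribute and maps it to authorities through an allow-list, granting nothing when the attribute is absent. It assumes the attribute is named `groups` (as in the answer), reuses the `loginId` attribute from the question, and returns Spring Security's `User` instead of the asker's `AppUser`, which is not shown; the class name and the group-to-role map are hypothetical.

```java
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

public class GroupAwareSamlUserDetails implements SAMLUserDetailsService {
    // Assumption: equals the Name set in the Okta group attribute statement.
    static final String GROUP_ATTRIBUTE = "groups";

    // Constructed allow-list: IdP group -> application authority.
    // Groups that are not listed here (e.g. other1) grant nothing.
    static final Map<String, String> GROUP_TO_ROLE = new HashMap<>();
    static {
        GROUP_TO_ROLE.put("test1", "ROLE_USER");
        GROUP_TO_ROLE.put("test2", "ROLE_ADMIN");
    }

    static Set<GrantedAuthority> toAuthorities(String[] groups) {
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        if (groups == null) {       // attribute missing from the assertion
            return authorities;     // fail closed: no groups, no roles
        }
        for (String group : groups) {
            String role = GROUP_TO_ROLE.get(group);
            if (role != null) {
                authorities.add(new SimpleGrantedAuthority(role));
            }
        }
        return authorities;
    }

    @Override
    public Object loadUserBySAML(SAMLCredential cred) throws UsernameNotFoundException {
        // getAttributeAsString() yields only the first AttributeValue;
        // the array variant yields all of them, or null if the attribute is absent.
        String[] groups = cred.getAttributeAsStringArray(GROUP_ATTRIBUTE);
        String loginId = cred.getAttributeAsString("loginId");
        if (loginId == null) {
            loginId = cred.getNameID().getValue();
        }
        return new User(loginId, "", toAuthorities(groups));
    }
}
```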