Reputation: 457
WSO2 IS 5.4.0: Using the username as attribute in SAML asserton
Scenario:
- WSO2 Identity Server 5.4.0 configured as SAML IDP.
- A third party application configured as SAML Service Provider.
- WSO2 IS uses MySQL as the JDBC user store
The SAML SP requires username, firstname and lastname as ATTRIBUTES in the SAML assertion. The SAML SP claim configuration is set as follows
- firstname -> http://wso2.org/claims/givenname
- lastname -> http://wso2.org/claims/lastname
- username -> http://wso2.org/claims/username
firstname and lastname are sent in the SAML assertion as expected, whereas username is not sent in the SAML assertion.
Is there a way to achieve this?
Note: Further investigation showed that the username is not listed in the CLAIMS table UM_USER_ATTRIBUTE and as such may not be accessible via a claim mapping defined in WSO2 IS. Interestingly in OIDC the username is returned as the sub claim which is actually mapped to http://wso2.org/claims/username
Any hint and insight is appreciated.
Upvotes: 0
Views: 294
Answers (1)
Reputation: 414
You need to enable scim for JDBCUserStoreManager. In user-mgt.xml file makes SCIMEnabled property to true as follows.
<Property name="SCIMEnabled">true</Property>
Then try the SAML flow.
Upvotes: 0
Related Questions
- LoggedInSessionBean reference
- WSO2 Identity Server usernames with discriminator
- how to return user attributes in SAML response in WSO2 IS
- WSO2 SAML api authentication
- WSO2 Identity Server Assertion without SessionNotOnOrAfter in AuthnStatement
- Spring SAML wso2
- WSO2 IS 5.1.0, send session information as SAML claims
- WSO2 Identity Server 5.1.0 not returning user claims in SAML Response
- WSO2 Identity Server not taking NameIDPolicy format into consideration for authentication request
- WSO2 Identity Server 5.0.0 fails to return user claims in SAMLResponse for user from secondary user store