Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Ash Gupta
Does SAML plugin support custom attributes ?
September 17, 2013 3:27 PM
Answer

Ash Gupta

Rank: New Member

Posts: 4

Join Date: September 17, 2013

Recent Posts

I have configured 2 Liferay instances, one as IdP and another as SP. I am able to successfully test sso between the 2. Now I'm trying to send user custom fields from IdP to SP and while I'm able to send the custom fields from IdP (I verified the sent SAML) These custom fields are not being processed on SP side. Below are the relevant portal-ext properties.

IdP :
saml.idp.metadata.attribute.names[liferaysamlspdemo]=screenName,firstName,lastName,emailAddress,expando:ucstxt,expando:crcinfo,comments,uuid

SP :
saml.sp.user.attribute.mappings=screenName=screenName\nemailAddress=emailAddress\nfirstName=firstName\nlastName=lastName\nexpando:ucstxt=ucstxt\nexpando:crcinfo=crcinfo\ncomments=comments

Has anyone else tried and able to successfully map custom attributes on SP side ?
Is it even possible with the current version of the plugin?
Mika Koivisto
RE: Does SAML plugin support custom attributes ?
September 17, 2013 4:01 PM
Answer

Mika Koivisto

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1512

Join Date: August 7, 2006

Recent Posts

For SP the expando attribute name actually comes without expando: now this might cause conflicts with attribute names so later versions we've added namespacing to all attribute names while also retaining ability to use non namespaced attributes for backwards compatibility.
Ash Gupta
RE: Does SAML plugin support custom attributes ?
September 17, 2013 4:08 PM
Answer

Ash Gupta

Rank: New Member

Posts: 4

Join Date: September 17, 2013

Recent Posts

Hi Mika,
So does that mean i should remove references to expando: from my sp attributes mapping, so it should be like below ?

I also noticed that the "comments" field (not an expando) is also not flowing through to SP. That may be a bug/missing behavior ?

SP :
saml.sp.user.attribute.mappings=screenName=screenName\nemailAddress=emailAddress\nfirstName=firstName\nlastName=lastName\nucstxt=ucstxt\ncrcinfo=crcinfo\ncomments=comments

Thanks the looking into this.

Ash
Ash Gupta
RE: Does SAML plugin support custom attributes ?
September 17, 2013 4:23 PM
Answer

Ash Gupta

Rank: New Member

Posts: 4

Join Date: September 17, 2013

Recent Posts

Mika Koivisto:
For SP the expando attribute name actually comes without expando: now this might cause conflicts with attribute names so later versions we've added namespacing to all attribute names while also retaining ability to use non namespaced attributes for backwards compatibility.



Hi Mika,

Changed my sp attributes mapping to below, removing expando: with no change in behavior, custom user attributes are still not getting in on SP side.

saml.sp.user.attribute.mappings=screenName=screenName\nemailAddress=emailAddress\nfirstName=firstName\nlastName=lastName\nucstxt=ucstxt\ncrcinfo=crcinfo\ncomments=comments


Ash
Mika Koivisto
RE: Does SAML plugin support custom attributes ?
September 18, 2013 12:02 PM
Answer

Mika Koivisto

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1512

Join Date: August 7, 2006

Recent Posts

Ah sorry didn't read carefully enough how you were mapping. The SP attribute mapping only supports following attributes to be mapped: screenName, emailAddress, firstName, lastName, uuid. Mappings to any other attributes will simply go ignored. Expanded support for mapping is in the roadmap.
Ash Gupta
RE: Does SAML plugin support custom attributes ?
September 18, 2013 1:25 PM
Answer

Ash Gupta

Rank: New Member

Posts: 4

Join Date: September 17, 2013

Recent Posts

Hi Mika,
Thanks for the confirmation. Is there a liferay IDE support project for the saml plugin that I can download and extend to support custom attribute?

regards
Ash
Montoo Garg
RE: Does SAML plugin support custom attributes ?
April 23, 2015 11:35 PM
Answer

Montoo Garg

Rank: New Member

Posts: 1

Join Date: April 7, 2015

Recent Posts

Hi Mika,

i am looking for mapping additional attributes apart from screenName, emailAddress, firstName, lastName, uuid. Could you please check if this is already implemented in the current version of SAML Plugin?

Thanks,
Montoo Garg
Amarendar Pashya
RE: Does SAML plugin support custom attributes ?
May 20, 2015 12:29 PM
Answer

Amarendar Pashya

Rank: New Member

Posts: 1

Join Date: January 28, 2015

Recent Posts

Hi Mika,

I am looking for a similar feature too. We have a set of roles being sent from the IDP through SAML along with other details. We want to assign those roles to the user when the user login for the first time to the portal.

Thanks
Amar
Thierry Dagnino
RE: Does SAML plugin support custom attributes ?
September 30, 2015 12:26 PM
Answer

Thierry Dagnino

Rank: New Member

Posts: 9

Join Date: July 27, 2012

Recent Posts

Hello Mika and everyone else,

did anyone get a reply on this. We also need to use other custom attributes . How do we do it ?
We are on liferay 6.1.2.
We need to send custom data through the SAML attributes.

Thank you.
Thierry Dagnino
RE: Does SAML plugin support custom attributes ?
October 20, 2015 12:33 PM
Answer

Thierry Dagnino

Rank: New Member

Posts: 9

Join Date: July 27, 2012

Recent Posts

Hello,

I've set saml.idp.metadata.attribute.names=expando:customfield1,emailAddress and get only the customfiel1 in the saml attributes sent over by IDP.

I always only get the first attribute name in the list.

Is there a special way to separate the attribute names in the file ?

Thanks.
Anderson Marques
RE: Does SAML plugin support custom attributes ?
December 17, 2015 4:01 PM
Answer

Anderson Marques

Rank: New Member

Posts: 1

Join Date: September 13, 2014

Recent Posts

Hello everyone,

Please @Mika or someone could help with custom attributes?
Is possible do that on the current SAML plugin version. Could you help me please?

Thanks in advance,
Anderson