Bypass value in SAML

0
Hi Team,

We are able to bypass only one value in SAML say username or fullname or email. What needs to be done at Mendix side in order to get fullname/email value bypassed by SAML as 'fullname' attribute and email attribute (see attached saml tracer info).

SAML is sending all the information related to username, fullname and email but I’m unable to assign it to account table entry.

Can anyone please advise?

Regards,
Swathi

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                ID="s2b1c256beeaa25ec369eebfdad4da6080bce3cd74"
                InResponseTo="_c60ebe04-3702-48a6-a946-4f4b3a31ce44"
                Version="2.0"
                IssueInstant="2023-06-02T10:11:39Z"
                Destination="https://cft.uatmendix.us.windmill.local/SSO/assertion">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">IDP</saml:Issuer>
  <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                      Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  ID="s22b5de7daa8ff1efe13e05fa8d0bd7373b3299912"
                  IssueInstant="2023-06-02T10:11:39Z"
                  Version="2.0">
    <saml:Issuer>IDP</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <ds:Reference URI="#s22b5de7daa8ff1efe13e05fa8d0bd7373b3299912">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>lUfLUs3QqRyguXT9jmuTmqxMjDvUxCUlL8H2OSz8SwU=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>*******</ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>*******</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                   NameQualifier="IDP"
                   SPNameQualifier="https://cft.uatmendix.us.windmill.local/">B01844</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_c60ebe04-3702-48a6-a946-4f4b3a31ce44"
                                      NotOnOrAfter="2023-06-02T10:21:39Z"
                                      Recipient="https://cft.uatmendix.us.windmill.local/SSO/assertion" />
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2023-06-02T10:01:39Z"
                     NotOnOrAfter="2023-06-02T10:21:39Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://cft.uatmendix.us.windmill.local/</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2023-06-02T10:11:39Z"
                         SessionIndex="s21f4858b7589f52ed6377b5307724a5e3fdc69603">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                             xsi:type="xs:string">firstname.lastname@abnamroclearing.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="username">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                             xsi:type="xs:string">482620</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="fullname">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                             xsi:type="xs:string">Firstname Lastname</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
asked
1 answers
0

 

Hi Swathi,

Regarding "SAML is sending all the information related to username, fullname and email but I’m unable to assign it to account table entry."

The SAML module supports custom user provisioning; the documentation below will guide you through it:
https://docs.mendix.com/appstore/modules/saml/#42-provisioning

answered
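When setting up the attribute mapping discussed in this thread, it helps to confirm offline which attribute names the IdP really sends (they are case-sensitive) and that they sit inside the assertion the signature refers to. The script below is an added example, not part of the original answer or of the Mendix SAML module. The account attribute names in `ATTRIBUTE_MAP` are assumptions, the sample response is constructed, and the signature check is structural only (it does not verify the signature cryptographically).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Assumed mapping: IdP attribute name (case-sensitive) -> account attribute.
# The right-hand names are hypothetical; use those of your own account entity.
ATTRIBUTE_MAP = {"username": "Name", "fullname": "FullName", "email": "Email"}

# Constructed sample with the same shape as the response in the question.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="a1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#a1"/></ds:SignedInfo></ds:Signature>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="username"><saml:AttributeValue>482620</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="fullname"><saml:AttributeValue>Firstname Lastname</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def signed_assertion(response_xml):
    """Return the single assertion, only if its signature reference covers it.
    Structural check only: the signature value itself is not verified here."""
    if "<!DOCTYPE" in response_xml:
        raise ValueError("DTD not expected in a SAML response")
    assertions = ET.fromstring(response_xml).findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    ref = assertions[0].find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + assertions[0].get("ID", ""):
        raise ValueError("signature reference does not cover this assertion")
    return assertions[0]


def map_attributes(response_xml):
    """Return (account values, IdP attributes that were expected but absent)."""
    received = {}
    for attr in signed_assertion(response_xml).findall(
            "saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        received[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    mapped = {dst: received[src] for src, dst in ATTRIBUTE_MAP.items() if src in received}
    missing = sorted(src for src in ATTRIBUTE_MAP if src not in received)
    return mapped, missing


if __name__ == "__main__":
    print(map_attributes(SAMPLE))
```

An attribute listed in `missing` usually means the name configured on the service provider side differs from what the IdP sends, for example in letter case.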