Layer 7 Access Management

Expand all | Collapse all

Can the SAML Response header have two different User attribute mapped

Jump to Best Answer
  • 1.  Can the SAML Response header have two different User attribute mapped

    Posted 08-31-2019 02:08 PM


    Hi ,
    Could you confirm,if  two different user attributes can be mapped to a common a name in SAML assertion ?
    We want the two different attibutes of users to be sent with same name to the SP.Will that can be achieved ?

    <ns2:AttributeStatement> <ns2:Attribute Name="First Name"<ns2:AttributeStatement> <ns2:Attribute Name="First Name"                           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"                           > <ns2:AttributeValue>Test1</ns2:AttributeValue> </ns2:Attribute> <ns2:Attribute Name="Last Name"                           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"                           > <ns2:AttributeValue>Testing</ns2:AttributeValue> </ns2:Attribute> <ns2:Attribute Name="roles"                           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"                           > <ns2:AttributeValue>value1</ns2:AttributeValue> </ns2:Attribute> <ns2:Attribute Name="Roles"                           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"                           > <ns2:AttributeValue>value2</ns2:AttributeValue> </ns2:Attribute>        39735751    40109882


  • 2.  RE: Can the SAML Response header have two different User attribute mapped
    Best Answer

    Posted 09-02-2019 07:58 AM
    Hello Madhava,

    Yes, you can do something like FullName = #{attr["FirstName"]},#{attr["LastName"]} in the attributes under partnership.

    The end result would be ex:- in your case FullName = Test1,Testing

    You can refer to the URL for more details - https://docops.ca.com/ca-siteminder-federation-standalone/12-52-sp1/en/configuring/application-integration-at-the-relying-party/mapping-assertion-attributes-to-application-attributes-saml-only

    Thanks
    Ankur Taneja



  • 3.  RE: Can the SAML Response header have two different User attribute mapped

    Posted 09-02-2019 10:50 AM
    Hi Ankur ,
    Thanks for the input, it did worked.

    Thanks 
    Madhava P