Support » Plugin: SAML 2.0 Single Sign-On » SAML attribute handling

  • I have been able to get the plugin to authenticate with plugin. Great work. However, I am trying to configure the SP provider to parse the SAML attributes for username, group, etc. and I can’t seem to get it work. I have verified that the SAML response contains the attributes, but they don’t seem to be parsed or handled properly by the plugin.

    <saml2:AttributeStatement>
                <saml2:Attribute Name = "email" NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                    <saml2:AttributeValue xmlns:xs = "http://www.w3.org/2001/XMLSchema"
                                          xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance" xsi:type = "xs:string">
                        tomdavidson@example.com
                    </saml2:AttributeValue>
                </saml2:Attribute>
                <saml2:Attribute Name = "firstName" NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                    <saml2:AttributeValue xmlns:xs = "http://www.w3.org/2001/XMLSchema"
                                          xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance" xsi:type = "xs:string">Tom
                    </saml2:AttributeValue>
                </saml2:Attribute>
                <saml2:Attribute Name = "userName" NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                    <saml2:AttributeValue xmlns:xs = "http://www.w3.org/2001/XMLSchema"
                                          xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance" xsi:type = "xs:string">
                        tomdavidson@example.com
                    </saml2:AttributeValue>
                </saml2:Attribute>
                <saml2:Attribute Name = "group" NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                    <saml2:AttributeValue xmlns:xs = "http://www.w3.org/2001/XMLSchema"
                                          xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance" xsi:type = "xs:string">
                        Administrator
                    </saml2:AttributeValue>
                </saml2:Attribute>
            </saml2:AttributeStatement>

    http://wordpress.org/plugins/saml-20-single-sign-on/

Viewing 2 replies - 1 through 2 (of 2 total)
  • I forgot to add the attribute mapping on the service provider tab:

    Attribute to be used as username: userName
    Attribute to be used as First Name: firstName
    Attribute to be used as Last Name: lastName
    Attribute to be used as E-mail: email
    Attribute to be used as Groups: group

    were you able to extend the list of attributes to include other elements for example an postal address or mobile number?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘SAML attribute handling’ is closed to new replies.