facing problems in configuring and passing values of custom attributes to SP Skip to main content
https://support.okta.com/help/answers?id=906f0000000xzi6iao&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Sohil ChhabriyaSohil Chhabriya 

facing problems in configuring and passing values of custom attributes to SP

I am facing problems while passing custom Attributes to the SP.
 
 
Details:
I am using developersOKTA admin profile for IDP.
My SP is a python application which user Django/jinja/Django-CMS
 
 
My app `attribute statement` value is this.

Attempt1:


userName|${user.userName}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, firstName|${user.firstName}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, lastName|${user.lastName}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, email|${user.email}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, is_publisher|${template_saml_2_0.is_publisher}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic,  userRole|${template_saml_2_0.userRole}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic,
 
 
Where, **is_publisher**(type boolean) and **userRole**(type string) are custom attributes defined and given value on both places - in user profile and in app user profile. And **template_saml_2_0** is the app user object and **user** is the user object.
 
 
Next, I have mapped these variables together:
 
Mapping of okta->app 
> user.is_publisher is mapped to is_publisher, and 

Mapping of app->okta
> appuser.is_publisher is mapped to is_publisher.

Done similar for other attributes.
 
 
On click the app chiklet, with this attributes statement generates "500 internal server error". This error triggers before okta gives call to the SP. I have found nothing is logged in my SP's logs. And I do not know how to track OKTA IDP's logs.
 
 
Attempt2:.

Here I am taking values from the user object for the custom attributes, and rest keeping all same as in attempt 1.
 
>  
is_publisher|${user.is_publisher}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, userRole|${user.userRole}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic,
 
 
Now this change gives me the value of **userRole**(string type) and not for **is_publisher**(boolean type) in the assertion xml passed to the SP by OKTA. I guess this returns values if the custom attribute is only of string type and not for any others types. Is it the case?
 
 
Can you please tell me where I am going wrong? I need to set roles of users according the application which I have failed to do in Attempt1. and In Attempt2 I am only getting String type CustomAttribute's value.
Jaypee ManansalaJaypee Manansala (Okta)
Hi Sohil,

Thanks for posting your inquiry in Okta Community.

To troubleshoot your issue we need to start on verifying the "User Profile Mapping" in [Okta to Application] attribute/expressions are set correct, then verifying the "Application Attributes Mapping" too that is provisioned on your Okta Org. You may also use the "Preview Mapping" tool to check your attributes/expressions.

https://support.okta.com/help/articles/Knowledge_Article/Preview-Mapping

Please let me know if you need any additional information. Thank you.

Best,

JP