Okta Classic Engine | Okta Integration Network | Answered | 2025-06-14T10:29:51.000Z | 2015-10-31T12:17:50.000Z | 2016-07-06T15:08:05.000Z
facing problems in configuring and passing values of custom attributes to SP
I am facing problems while passing custom attributes to the SP.

Details:

I am using the developers OKTA admin profile for IDP.

My SP is a Python application which uses Django/jinja/Django-CMS.

My app `attribute statement` value is this.

Attempt 1:

```
userName|${user.userName}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, firstName|${user.firstName}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, lastName|${user.lastName}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, email|${user.email}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, is_publisher|${template_saml_2_0.is_publisher}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic,  userRole|${template_saml_2_0.userRole}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic,
```

Where **is_publisher** (type boolean) and **userRole** (type string) are custom attributes defined and given values in both places - in the user profile and in the app user profile. And **template_saml_2_0** is the app user object and **user** is the user object.

 

 

Next, I have mapped these variables together:

Mapping of okta->app

> user.is_publisher is mapped to is_publisher, and

Mapping of app->okta

> appuser.is_publisher is mapped to is_publisher.

I have done the same for the other attributes.

 

 

On clicking the app chiclet, this attribute statement generates a "500 internal server error". This error triggers before OKTA makes the call to the SP. I have found that nothing is logged in my SP's logs, and I do not know how to track the OKTA IDP's logs.

Attempt 2:

Here I am taking the values for the custom attributes from the user object, and keeping everything else the same as in Attempt 1.

```
is_publisher|${user.is_publisher}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic, userRole|${user.userRole}|urn:oasis:names:tc:SAML:2.0:attrname-format:basic,
```

 

 

Now this change gives me the value of **userRole** (string type) but not of **is_publisher** (boolean type) in the assertion XML passed to the SP by OKTA. I guess this returns values only if the custom attribute is of string type and not for any other types. Is that the case?

Can you please tell me where I am going wrong? I need to set the roles of users according to the application, which I have failed to do in Attempt 1, and in Attempt 2 I am only getting the values of string-type custom attributes.


  • JP Manansala (Okta, Inc.)

    Hi Sohil,

    Thanks for posting your inquiry in Okta Community.

    To troubleshoot your issue, we need to start by verifying that the "User Profile Mapping" [Okta to Application] attributes/expressions are set correctly, then verifying the "Application Attributes Mapping" that is provisioned on your Okta Org too. You may also use the "Preview Mapping" tool to check your attributes/expressions.

    https://support.okta.com/help/articles/Knowledge_Article/Preview-Mapping

    Please let me know if you need any additional information. Thank you.

    Best,

    JP
This question is closed.
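
An added example, not part of the original thread and not Okta's code: SP-side handling of the two custom attributes discussed above, where an absent or malformed `is_publisher` (the Attempt 2 outcome) is treated as false and an unrecognised `userRole` grants nothing. It assumes the assertion has already been signature-validated by the SP's SAML library; the sample XML, the role names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ALLOWED_ROLES = {"viewer", "editor", "admin"}  # hypothetical SP role names

# Constructed sample: an assertion in which userRole arrived but
# is_publisher did not, as described for Attempt 2.
SAMPLE_ATTEMPT2 = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="userRole"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>editor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_attributes(assertion_xml):
    """Return {Name: [values]} for every Attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def parse_bool(values):
    """Accept only the xs:boolean true forms; anything else is False."""
    return len(values) == 1 and values[0] in ("true", "1")


def authorize(assertion_xml):
    """Derive the SP's role decision, failing closed on gaps."""
    attrs = read_attributes(assertion_xml)
    roles = attrs.get("userRole", [])
    role = roles[0] if len(roles) == 1 and roles[0] in ALLOWED_ROLES else None
    # Names that were absent or carried only empty values, for logging.
    missing = [n for n in ("userRole", "is_publisher") if not any(attrs.get(n, []))]
    return {"role": role,
            "is_publisher": parse_bool(attrs.get("is_publisher", [])),
            "missing": missing}
```

Logging the `missing` list on the SP makes a dropped attribute visible at login time instead of surfacing later as a wrong role.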