JackS.33584 (Customer) asked a question.
SAML how to add group attribute statements
Hello,
I have created a user and a group, and put the user in the group. I'm trying to add Group Attribute Statements in my app but I can't seem to get it to output anything into the example XML (SAML assertion).
User: jack
Group: mygroup-admin
Group Attribute Statement
group name: group1
format: Unspecified
Filter: Starts with
value: mygroup
But the example SAML shows no such attribute
Likewise if I tried
Group Attribute Statement
group name: group1
format: Unspecified
Filter: Matches regex
value: .*
There must be something I am missing/misunderstanding?
The first one should've worked unless there is an Okta limitation that only x amount of groups can be passed and the number in your user store exceeds that (don't quote me on that but, could be of note). I'd avoid using wildcards for the same reason.
Where did you create the user/group? Did you confirm that both the user/group exists your user store integration/Okta (depending on where your users are sourced)?
I've just started using Okta so I have only 1 group and 1 user. I created both a few days ago, within Okta. In the attribute statements, if I try adding a attribute such as:
isInMyGroup: isMemberOfGroupName('mygroup-admin') then I can see this in the example XML with the value of true, so I believe the user is a member of the group.
<saml2:Attribute Name="isInMyGroup" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">true
</saml2:AttributeValue>
</saml2:Attribute>