Topics: Okta Identity Engine, Workflows | Status: Answered | Dates: 2022-05-10T10:00:12Z, 2022-05-11T16:13:40Z, 2025-05-11T09:01:34Z

aosyz (aosyz) asked a question.

SAML HOOK - NEITHER REPLACING NOR ADDING CLAIMS

I have added claims in the SAML response as mentioned in the doc. Below is the JSON response from the hook.

{
  "commands": [
    {
      "type": "com.okta.assertion.patch",
      "value": [
        {"op": "replace", "path": "/claims/var1/attributeValues/1/value", "value": "True"},
        {"op": "replace", "path": "/claims/var2/attributeValues/1/value", "value": "True"},
        {"op": "replace", "path": "/claims/var3/attributeValues/1/value", "value": "True"},
        {
          "op": "add",
          "path": "/claims/extPatientId",
          "value": {
            "attributeValues": [{"attributes": {"xsi:type": "xs:string"}, "value": "4321"}],
            "attributes": {"NameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}
          }
        },
        {"op": "add", "path": "/authentication/sessionLifetime", "value": 300}
      ]
    }
  ]
}

The SAML Tracer is not throwing any error, but the SAML response does not have the updated data either.

<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute Name="var6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"/>
  <saml2:Attribute Name="var7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"/>
  <saml2:Attribute Name="var8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"/>
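A local dry run of the patch operations from the question, added here as example code (not Okta's code and not from the original post): it applies the com.okta.assertion.patch operations to a constructed assertion object shaped like the inline hook request, with var1..var3 each carrying a single value, and reports every operation whose path has no target. The sample assertion, its values and the helper names are assumptions; the point it makes visible is that a replace at /attributeValues/1 has nothing to change when an attribute holds only one value (index 0), while the add operations apply cleanly.

```python
import copy

# Constructed sample of the "assertion" object an Okta SAML inline hook receives:
# var1..var3 are single-valued attributes (so only index 0 exists); values are made up.
XSI = {"xsi:type": "xs:string"}
NF = {"NameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"}
SAMPLE_ASSERTION = {
    "claims": {n: {"attributes": NF, "attributeValues": [{"attributes": XSI, "value": "False"}]}
               for n in ("var1", "var2", "var3")},
    "authentication": {"sessionIndex": "constructed-session-index"},
}

# The com.okta.assertion.patch operations from the hook response in the question.
HOOK_OPS = [
    {"op": "replace", "path": "/claims/var1/attributeValues/1/value", "value": "True"},
    {"op": "replace", "path": "/claims/var2/attributeValues/1/value", "value": "True"},
    {"op": "replace", "path": "/claims/var3/attributeValues/1/value", "value": "True"},
    {"op": "add", "path": "/claims/extPatientId", "value": {
        "attributeValues": [{"attributes": XSI, "value": "4321"}],
        "attributes": {"NameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}}},
    {"op": "add", "path": "/authentication/sessionLifetime", "value": 300},
]

def _resolve(doc, pointer):
    """Walk a JSON pointer to (parent container, final key); raises if a step is missing."""
    parts = pointer.lstrip("/").split("/")
    node = doc
    for part in parts[:-1]:
        node = node[int(part)] if isinstance(node, list) else node[part]
    key = parts[-1]
    return node, (int(key) if isinstance(node, list) else key)

def apply_ops(assertion, ops):
    """Dry-run the patch on a copy; return (patched copy, [(path, reason)] for ops that fail)."""
    doc, failures = copy.deepcopy(assertion), []
    for op in ops:
        try:
            parent, key = _resolve(doc, op["path"])
            if op["op"] == "replace":
                _ = parent[key]  # a replace needs an existing target at the path
                parent[key] = op["value"]
            elif op["op"] == "add" and isinstance(parent, list):
                parent.insert(key, op["value"])
            elif op["op"] == "add":
                parent[key] = op["value"]
        except (KeyError, IndexError, TypeError, ValueError) as exc:
            failures.append((op["path"], f"{type(exc).__name__}: {exc}"))
    return doc, failures
```

Run apply_ops(SAMPLE_ASSERTION, HOOK_OPS) and inspect the returned failures before deploying a hook; rerunning with the replace paths pointed at index 0 applies all five operations.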

  • Mihai N. (Okta, Inc.)

    Hi @aosyz (aosyz), Thanks for taking the time to reach out to the Okta Community!

    Check that the additional attribute statements are properly configured under your Okta Admin Dashboard → Application → <desired app name> → General → SAML Settings → Edit.

    Example: check "Define attribute statements" here:

    https://help.okta.com/en-us/Content/Topics/Apps/Apps_App_Integration_Wizard_SAML.htm?cshid=ext_Apps_App_Integration_Wizard-saml

    Make sure those variables reference values from the user's Okta Profile or properly defined string values. 


    Then maybe run an authentication test with the test user into the app and capture another SAML Trace to see if those values are passed.


    Hope it helps! 

This question is closed.