<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009MBB7rCAHOkta Classic EngineSingle Sign-OnAnswered2023-06-27T21:09:50.000Z2023-06-26T20:40:56.000Z2023-06-27T21:09:50.000Z

ScottT.50751 (Customer) asked a question.

June 26, 2023 at 8:40 PM
Remove empty SAML attributes from assertion

We're integrating an application that accepts a role attribute in the SAML assertions. For a sub group of users within the application, the system administrator needs to be able to still manually assign the roles instead of being passed in the SAML. This is causing an issue since the application returns an error if the attribute is empty for this sub group.

 

I've tried setting the value to null but it's the same as setting an empty string, the attribute is still be sent. I've also looked at the SAML hook but it looks like there are only add and modify operations.

SAML assertion inline hook reference | Okta Developer

 

Is there a way to remove a SAML attribute completely if the value is empty/null?

  • 2 answers
  • 592 views

  • ScottT.50751 (Customer)

    I've solved this using SAML inline hook and Okta Workflows. I had to remove the attribute definition from the SAML app configuration, and then I'm dynamically adding the attribute when needed using the SAML assertion inline hook: https://developer.okta.com/docs/reference/saml-hook/

     

    I can still use the custom attribute from the application profile by looking up the application profile in the workflow executed by the SAML hook.

     

    Saml Hook - Add Conditional Attribute

    Expand Post
    Selected as Best

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @ScottT.50751 (Customer)​ , Thank you for reaching out to the Okta Community!

     

    This is not supported. 

    You can suggest a Featured Enhancement on the Okta Community page by going to the Community Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented.  

    More details here: 

    https://support.okta.com/help/s/blog/a674z000001cj7YAAQ/okta-ideas-faq

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Community members help others by clicking Like or Select as Best on responses. Try it today.

     

    Expand Post

  • ScottT.50751 (Customer)

    I've solved this using SAML inline hook and Okta Workflows. I had to remove the attribute definition from the SAML app configuration, and then I'm dynamically adding the attribute when needed using the SAML assertion inline hook: https://developer.okta.com/docs/reference/saml-hook/

     

    I can still use the custom attribute from the application profile by looking up the application profile in the workflow executed by the SAML hook.

     

    Saml Hook - Add Conditional Attribute

    Expand Post
    Selected as Best
This question is closed.
Loading
Remove empty SAML attributes from assertion