Retrieve identity attributes with SAML
Follow these steps to retrieve attributes about the user's identity when authenticating to a SAML IdP.
As a prerequisite, note that the SAML single sign-on (SSO) protocol does not provide a mechanism to request that specific attributes be returned on authentication. You must configure that list at the IdP level. Because SAML supports identity federation, it provides a mechanism to map user-specific attributes between different IdPs: an attribute that has one name in one IdP can have a different name in another IdP.
If federation is in use, map the attributes to match the other IdPs as needed. Refer to your IdP documentation for more information on how to map and define the list of attributes to pass to the JGAS during authentication setup.
Use an fgl_getenv() call for each attribute specified in the XCF file, with a prefix of SAML_.
LET email = fgl_getenv("SAML_email")
LET fullname = fgl_getenv("SAML_fullname")
LET country = fgl_getenv("SAML_country")
The Genero application retrieves the requested identity attributes.
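Because the attribute list is fixed at the IdP, the application cannot assume that every attribute it reads is present. The following added example (not part of the original documentation) wraps fgl_getenv() so that a missing required attribute stops the program instead of continuing with a NULL identity; the helper name saml_attr and the choice of which attributes are mandatory are assumptions.

```4gl
-- Added example: saml_attr() is a hypothetical helper, not a Genero built-in.
MAIN
    DEFINE email, fullname, country STRING

    -- Assumption: email and fullname are mandatory for this application,
    -- country is optional.
    LET email = saml_attr("email", TRUE)
    LET fullname = saml_attr("fullname", TRUE)
    LET country = saml_attr("country", FALSE)

    DISPLAY SFMT("Authenticated as %1 <%2>", fullname, email)
    IF country IS NOT NULL THEN
        DISPLAY SFMT("Country: %1", country)
    END IF
END MAIN

-- Reads SAML_<name> from the environment and returns the trimmed value.
-- A missing or blank required attribute ends the program (fail closed);
-- a missing optional attribute returns NULL.
FUNCTION saml_attr(name STRING, required BOOLEAN) RETURNS STRING
    DEFINE val STRING

    LET val = fgl_getenv("SAML_" || name)
    IF val IS NOT NULL THEN
        LET val = val.trim()
    END IF
    IF val IS NULL OR val.getLength() == 0 THEN
        IF required THEN
            DISPLAY SFMT("SAML attribute %1 was not provided by the IdP", name)
            EXIT PROGRAM 1
        END IF
        RETURN NULL
    END IF
    RETURN val
END FUNCTION
```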