Retrieve identity attributes with SAML

Follow these steps to retrieve attributes about the user's identity when authenticating to a SAML IdP.

As a prerequisite, be aware that the SAML single sign-on (SSO) protocol does not provide a mechanism to request that specific attributes be returned on authentication. You must configure that list at the IdP level. Because SAML supports identity federation, it provides a mechanism to map user-specific attributes between different IdPs: an attribute known by one name in one IdP can have a different name in another IdP.

If federation is in use, map the attributes to match the other IdPs if needed. Refer to your IdP documentation for more information on how to map and define the list of attributes to pass to the GAS during authentication setup.

To retrieve the SAML attributes returned by the IdP in your Genero application, add a fgl_getenv() call for each attribute specified in the XCF file, prefixing the attribute name with SAML_.
LET email = fgl_getenv("SAML_email")
LET fullname = fgl_getenv("SAML_fullname")
LET country = fgl_getenv("SAML_country")

The Genero application retrieves the requested identity attributes.
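
Because the attribute list is configured at the IdP, an attribute the application expects may not be released, in which case fgl_getenv() returns NULL. The following is an added example, not code from the Genero documentation, that fails closed when a required attribute is missing. The helper name required_saml_attr and the choice of email and fullname as required (country as optional) are assumptions.

```4gl
-- Added example: read SAML_ attributes and stop if a required one is absent.
-- Attribute names (email, fullname, country) are those used on this page.

MAIN
    DEFINE email, fullname, country STRING

    -- Assumption: the application cannot work without these two attributes
    LET email = required_saml_attr("email")
    LET fullname = required_saml_attr("fullname")

    -- Assumption: country is optional, so it may be NULL here
    LET country = fgl_getenv("SAML_country")
    IF country IS NULL THEN
        LET country = "unknown"
    END IF

    DISPLAY SFMT("Signed in as %1 <%2>, country: %3", fullname, email, country)
END MAIN

-- Hypothetical helper: returns the attribute value, or ends the program
-- when the IdP did not release the attribute (unset or blank variable).
FUNCTION required_saml_attr(attr_name STRING) RETURNS STRING
    DEFINE val STRING

    -- Attributes are exposed to the program with the SAML_ prefix
    LET val = fgl_getenv("SAML_" || attr_name)

    -- fgl_getenv() returns NULL when the environment variable is not defined
    IF val IS NOT NULL THEN
        LET val = val.trim()
    END IF

    IF val IS NULL OR val.getLength() == 0 THEN
        -- Log the attribute name only, never attribute values
        DISPLAY SFMT("Required SAML attribute '%1' was not provided by the IdP", attr_name)
        EXIT PROGRAM 1
    END IF

    RETURN val
END FUNCTION
```

Treating a missing attribute as an error rather than substituting a default keeps a misconfigured IdP attribute list from silently producing sessions without an identity.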