Closed kaechele closed 6 years ago
The SAML extension expects to retrieve data from NameId or from attributes, not from both. The patch you shared works for you but will impact other integrations, so I can't apply it in the next release.
Why is the IdP not able to provide the username in attributes?
Thanks for the reply!
So with Ipsilon you apparently need version > 2.0, and you also need to map _username to any attribute name you'd like. It's not mapped by default, as upstream says (we spoke on IRC) one should really be pulling the username from NameID instead, but this way it's at least working.
My IdP (Ipsilon attached to FreeIPA) doesn't provide an attribute for the username. Instead, the username is only transmitted as the NameID.
I'm currently using this hack, and it works for me:
A sample SAML Response from my IdP looks like this:
There is probably a nicer and more correct way of doing this. Maybe someone has an idea?
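The NameID-versus-attribute distinction discussed in this thread, as an added example that is neither the extension's code nor the reporter's patch: a Python sketch that takes the username from exactly one configured place in the assertion, so that enabling NameID for one IdP does not change behaviour for integrations that rely on an attribute. The sample response, the function names and the `source`/`attribute` parameters are constructed for illustration, and the response is assumed to have passed signature validation before this code sees it.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from the thread): username appears only as NameID.
# Signature validation is assumed to have happened before this point.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

def extract_identity(xml_text):
    """Return (name_id, attributes) from the first assertion of a response."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response contains no Assertion")
    name_id = assertion.findtext("saml:Subject/saml:NameID", None, NS)
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
    return (name_id or "").strip() or None, attrs

def resolve_username(xml_text, source="nameid", attribute="username"):
    """Take the username from exactly one configured source, with no fallback."""
    name_id, attrs = extract_identity(xml_text)
    if source == "nameid":
        value = name_id
    elif source == "attribute":
        values = attrs.get(attribute, [])
        if len(values) > 1:
            raise ValueError(f"attribute {attribute!r} is multi-valued")
        value = values[0] if values else None
    else:
        raise ValueError(f"unknown username source {source!r}")
    if not value:
        raise LookupError(f"no username found via {source!r}")
    return value
```

With the constructed response, `source="nameid"` yields the username, while `source="attribute"` with the default attribute name raises `LookupError` instead of quietly falling back to the NameID.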