aaronpk / draft-parecki-oauth-identity-assertion-authz-grant


Note about SAML user identifiers #9

Closed aaronpk closed 5 months ago

aaronpk commented 6 months ago

Add a note:

The IdP needs to ensure there is an IdP-recognizable value to identify the user in the SAML assertion. For example, if the IdP transforms the user ID into something specific to the app as the NameID, it also needs to include the actual unique user ID as a custom claim that it can use to identify the user when the SAML assertion is passed back to the IdP.
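The point in the comment above has two halves: when the IdP issues an assertion with an app-specific NameID it must also carry its own stable user identifier, and when the assertion comes back in the exchange the IdP must be able to resolve the subject from one of those values. The following is an added example, not code from the draft or from its author; the attribute name `urn:example:idp:user-id`, the sample directory and the toy unsigned assertion are constructed assumptions, and a real IdP would verify the assertion's signature (and use a hardened XML parser such as defusedxml) before reading any of these values.

```python
"""Issuing and resolving an IdP-recognizable user identifier in a SAML assertion.

Added example (not code from the draft or its author). On issuance the IdP sets
an app-specific NameID but also carries its own stable user ID in an attribute;
on exchange the IdP resolves the subject from the NameID when it can and
otherwise from that attribute. Signature validation is out of scope here and
must happen before any of this in a real deployment.
"""
from typing import Optional
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML_NS)
NS = {"saml": SAML_NS}

# Assumed (constructed) attribute name under which the IdP carries its own user ID.
IDP_USER_ID_ATTR = "urn:example:idp:user-id"
NAMEID_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample directory: IdP-internal user IDs the IdP can resolve.
IDP_DIRECTORY = {"user-12345": "alice@example.com"}


def build_assertion(idp_user_id: str, app_name_id: str, include_idp_id: bool = True) -> str:
    """Issue a toy (unsigned) assertion whose NameID is specific to the app.

    With include_idp_id=True the IdP's own user ID is added as an attribute so the
    IdP can recognise the subject later; include_idp_id=False reproduces the gap
    the note warns about.
    """
    assertion = ET.Element(f"{{{SAML_NS}}}Assertion")
    subject = ET.SubElement(assertion, f"{{{SAML_NS}}}Subject")
    name_id = ET.SubElement(subject, f"{{{SAML_NS}}}NameID", Format=NAMEID_PERSISTENT)
    name_id.text = app_name_id
    if include_idp_id:
        stmt = ET.SubElement(assertion, f"{{{SAML_NS}}}AttributeStatement")
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute", Name=IDP_USER_ID_ATTR)
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = idp_user_id
    return ET.tostring(assertion, encoding="unicode")


def resolve_user(assertion_xml: str) -> Optional[str]:
    """Resolve the IdP-internal user from an assertion handed back to the IdP.

    Returns the directory entry (here the e-mail) or None when neither the NameID
    nor the custom attribute identifies a user the IdP knows. A None result is the
    failure mode the note describes: the IdP cannot tell who the subject is.
    """
    root = ET.fromstring(assertion_xml)
    # First try the NameID directly; it works when it was not transformed.
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is not None and name_id.text in IDP_DIRECTORY:
        return IDP_DIRECTORY[name_id.text]
    # Otherwise fall back to the IdP's own user-ID attribute.
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == IDP_USER_ID_ATTR:
            value = attr.findtext("saml:AttributeValue", namespaces=NS)
            if value in IDP_DIRECTORY:
                return IDP_DIRECTORY[value]
    return None


if __name__ == "__main__":
    good = build_assertion("user-12345", "app-7f3a")
    print(resolve_user(good))  # resolved via the attribute
    bad = build_assertion("user-12345", "app-7f3a", include_idp_id=False)
    print(resolve_user(bad))  # None: app-specific NameID with no IdP-recognizable value
```

The lookup order matters only for the untransformed case; the attribute is what makes the transformed NameID safe, so an IdP that emits app-specific NameIDs should treat the attribute as mandatory on issuance rather than rely on the fallback.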

aaronpk commented 5 months ago

Going to do this a different way, recommending exchanging the SAML assertion for an ID token first.