I tried to configure JIT account provisionning using the following configuration:
jit-account-provisioning:
enabled: true
#trusted-idps: https://idp.universite-paris-saclay.fr/idp
trusted-idps: all
But I get an error if I try to autoprovision an account, authenticating through SAML, see
autoprovisionning_upsaclay_error.log. It happens because the IdP doesn't provide given name and lastname as it is shown when trying to provision the account the traditional way (with validation).
As for me it is unexpected and it makes the feature not really useful because if using eduGAIN, you'll have a lot of users who cannot provision their account and just receive an error... IMO, when doing JIT provisionning, the user should be able to go through the usual account creation form and to fill the missing mandatory fields. Just it should not be possible to change the email (that must be provided by the IdP).
I tried to configure JIT account provisionning using the following configuration:
But I get an error if I try to autoprovision an account, authenticating through SAML, see autoprovisionning_upsaclay_error.log. It happens because the IdP doesn't provide given name and lastname as it is shown when trying to provision the account the traditional way (with validation).
As for me it is unexpected and it makes the feature not really useful because if using eduGAIN, you'll have a lot of users who cannot provision their account and just receive an error... IMO, when doing JIT provisionning, the user should be able to go through the usual account creation form and to fill the missing mandatory fields. Just it should not be possible to change the email (that must be provided by the IdP).