set_custom_attributes not working - function not found

[zmbcgn]

Hi,

i try to get Kimai2 (timetracking software) working with SAML and Zitadell. There is just a keycloak tutorial for, so i have to figure it out on my own.

Currently I guess it is not working, because there is no "Roles" attribute in the SAML Response. So, I thought i can use an action for that, and tried the "set_custom_attribute.js" from the examples directory in this repo.

Unfortunately it is not working. The "OrgID" or "Roles" Attribute is not added to the response and in the Zitadel logfiles i can see the following:

`time="2024-07-01T23:53:14Z" level=info msg="log record emitted" caller="/home/runner/work/zitadel/zitadel/internal/logstore/emitters/stdout/stdout.go:19" record="{\"logDate\":\"2024-07-01T23:53:14.652244917Z\",\"took\":0,\"message\":\"action run started\",\"logLevel\":\"info\",\"instanceId\":\"246136676248715267\"}"

time="2024-07-01T23:53:14Z" level=info msg="log record emitted" caller="/home/runner/work/zitadel/zitadel/internal/logstore/emitters/stdout/stdout.go:19" record="{\"logDate\":\"2024-07-01T23:53:14.653113082Z\",\"took\":868166,\"message\":\"action run failed: function not found\",\"logLevel\":\"error\",\"instanceId\":\"246136676248715267\"}"`

I am using the following script: `/**

• Add an custom attribute to the SAMLResponse, if it's not already present.
• This example will add the resourceOwner as custom attribute OrgID.
• It additionally shows how get the user's project authorization and add each role in the form of projectId:role as a Roles attribute.
• Flow: Complement SAMLResponse, Triggers: Pre SAMLResponse creation
• @param ctx

• @param api */ function setCustomAttribute(ctx, api) { const user = ctx.v1.getUser() api.v1.attributes.setCustomAttribute('OrgID', '', user.resourceOwner)

  if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { return; } let roles = []; ctx.v1.user.grants.grants.forEach(grant => { grant.roles.forEach(role => { roles.push(grant.projectId+':'+role)
  }) }) api.v1.attributes.setCustomAttribute('Roles', '', ...roles) }`

I don't know where to start troubleshooting, because i cannot tell which function Zitadel is missing. Maybe it is also something in general, that i don't have API access not enabled or something, hence it is my first action I am using.

Help wanted :)

Best regards zmbcgn

PS: Not really part of this issue, but here is the keycloak config guide for Kimai.. https://www.kimai.org/documentation/saml-keycloak.html

[hifabienne]

@adlerhurst @stebenz can you help here?

[livio-a]

@zmbcgn currently the action and the function within that need to have the same name: In your case the action must also be called setCustomAttribute. Is that the case?

[zmbcgn]

@livio-a Hey. Thanks for the heads-up. I renamed my action to the same name as the function, and now i see the attributes.

Now I need to figure out how to strip the ID from the "Roles" Value. To see just "Admin" or "Default"