Full name mapping when using SAML

تسجيل الدخول الموحد
1

Hi there,

does anyone know how to map the full name when using SAML as login method?
My SAML response looks like this and I can map any other other attribute in my IdP if necessary:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://logon.xyz.de/auth/saml/callback" ID="idLwrewprewewGG1wewe0X4VZKDDby1Htv8I" InResponseTo="_ade6fd8b-0ce0-48d0-afff-b0ad3375d8e6" IssueInstant="2018-10-18T08:05:37Z" Version="2.0">
    <saml:Issuer>https://logon.xyz.de/nidp/saml2/metadata</saml:Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion ID="id9sd5jjrejb3ererIZCJkrYjoG9_PI0" IssueInstant="2018-10-18T08:05:37Z" Version="2.0">

        ...

    <saml:AttributeStatement>
        <saml:Attribute xmlns:xs="http://www.w3.org/2001/XMLSchema" 
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">USERID</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute xmlns:xs="http://www.w3.org/2001/XMLSchema" 
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">Surname</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute xmlns:xs="http://www.w3.org/2001/XMLSchema" 
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">Givenname</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute xmlns:xs="http://www.w3.org/2001/XMLSchema" 
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">mail@example.org</saml:AttributeValue>
        </saml:Attribute>
    </saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>

Regards,
Thilo

2

For anyone else searching for a solution:

We had the same problem and only found a solution when looking into the soure code:

fullName is ignored.
You have to have a mapping to the fields firstName and lastName for discourse in your Identity provider (We used Keycloak)

إعجابَين (2)
3

Thanks for taking the time to dig into the code! That looks like a bug to me - we check the fullName, then replace it with firstName lastName. Line 133 in that snippet is totally useless :thinking:

I’ve been working on the SAML plugin this week anyway, so here’s a fix:

Once that’s merged, the fullName will be correctly prioritised

3 إعجابات
4

@david Thanks for the quick fix!

That looks like a bug to me - we check the fullName , then replace it with firstName lastName . Line 133 in that snippet is totally useless

I had the same impression but I was not sure because I am not familiar with the Ruby syntax…

إعجابَين (2)