I'm trying to get my class that implements Auth.SamlJitHandler to process attributes with multiple values in the SAML assertion. It seems to be saving only one of the values. I notice that the documentation for the Auth.RegistrationHandler interface (for auth providers such as Facebook), which uses an Auth.UserData object, says of the Auth.UserData.attributeMap variable, "Because the map is , values that the third party returns that are not strings (like an array of URLs or a map) are converted into an appropriate string representation." However, this doesn't appear to be the case for the attributes variable in SamlJitHandler. Does anybody know of a way to get this to work? It doesn't look like RegistrationHandler can be used for SAML SSO. Thanks!

Hi Jan, I did not find a solution or workaround for the issue of handling multi-valued attributes that are sent on the SAML assertion. I do know that if a series of attribute values ARE sent (from SAML) in a comma-separated string, that works fine and you can parse that string to get the individual values. But in my case, the attribute values are sent like your first example above (single attribute element, with multiple AttributeValue subelements). I talked with our team that manages our SAML attribute release configs about possibly writing special code for this one multi-valued attribute that I need to retrieve, but as it turns out our university is starting on a new Identity Management project so we decided to table my little project that would need these values until that IM effort is complete and perhaps I will get my data in another way. I would be interested if anybody else has more info on this, though - it would be nice if the SamlJitHandler could work more like the RegistrationHandler and convert those multi-valued attributes to comma-separated strings. By the way, I have a coworker in IT here at Northern Arizona University in Flagstaff with the same last name as yours ... any relation? I'd never heard the name before meeting her.

Aug 14, 2016, 9:49 PM

SamlJitHandler won't handle multivalued attributes

I'm trying to get my class that implements Auth.SamlJitHandler to process attributes with multiple values in the SAML assertion. It seems to be saving only one of the values. I notice that the documentation for the Auth.RegistrationHandler interface (for auth providers such as Facebook), which uses an Auth.UserData object, says of the Auth.UserData.attributeMap variable, "Because the map is <String, String>, values that the third party returns that are not strings (like an array of URLs or a map) are converted into an appropriate string representation." However, this doesn't appear to be the case for the attributes variable in SamlJitHandler. Does anybody know of a way to get this to work? It doesn't look like RegistrationHandler can be used for SAML SSO. Thanks!

5 answers

Holly Coast
Jun 28, 2017, 9:58 PM
Hi Jan, I did not find a solution or workaround for the issue of handling multi-valued attributes that are sent on the SAML assertion. I do know that if a series of attribute values ARE sent (from SAML) in a comma-separated string, that works fine and you can parse that string to get the individual values. But in my case, the attribute values are sent like your first example above (single attribute element, with multiple AttributeValue subelements). I talked with our team that manages our SAML attribute release configs about possibly writing special code for this one multi-valued attribute that I need to retrieve, but as it turns out our university is starting on a new Identity Management project so we decided to table my little project that would need these values until that IM effort is complete and perhaps I will get my data in another way.
I would be interested if anybody else has more info on this, though - it would be nice if the SamlJitHandler could work more like the RegistrationHandler and convert those multi-valued attributes to comma-separated strings.
By the way, I have a coworker in IT here at Northern Arizona University in Flagstaff with the same last name as yours ... any relation? I'd never heard the name before meeting her.

Add a comment

Write an answer...

0/9000

SamlJitHandler won't handle multivalued attributes

Apex

Related Learning

More Help