Wrong attributeMappings in SAML? #1249

Open
giva01121 opened this issue Mar 31, 2020 · 2 comments
Labels: closed due to age (Close issue or PR soon because no reaction), unscheduled

giva01121 commented Mar 31, 2020

Hello, I want to use AttributeMappings and map the incoming SAML information to the UAA attributes. Unfortunately, the mapping section is not respected. No matter what I put, after redeploying CF the values retrieved from uaac user get name are not changing.

What version of UAA are you running?

app version":"74.13.0"

How are you deploying the UAA?

I am deploying the UAA

  • using a bosh release I downloaded from bosh.io

What did you do?

I'm using an ops file to add the attributes:

# add SIT Azure AD SAML provider
#
- type: replace
  path: /instance_groups/name=uaa/jobs/name=uaa/properties/login/saml/providers?/
  value:
    nameID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    idpMetadata:
    showSamlLoginLink: true
    linkText: Log in with IDP
    metadataTrustCheck: false
    attributeMappings:
      given_name: givenname
      family_name: surname
      email: emailaddress
    groupMappingMode : AS_SCOPES

What did you expect to see? What goal are you trying to achieve with the UAA?

I'm expecting to see:

~:$ uaac user get [email protected]
  name: John
    familyname: Doe
    givenname: John Doe
  emails: [email protected]

What did you see instead?

~:$ uaac user get [email protected]
  name
    familyname: example.com
    givenname: John.Doe
  emails: 

Please include UAA logs if available.

@cf-gitbot

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/172076402

The labels on this GitHub issue will be updated when the story is started.

strehle (Member) commented Oct 22, 2023

Is this still an issue? For Azure integration I recommend using the OIDC v2 integration, e.g.
https://learn.microsoft.com/en-us/azure/active-directory/develop/optional-claims-reference
because there the names and mappings are clear.
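
One way to compare the attributeMappings values from the ops file in the first post against the Attribute Name values in a decoded assertion. This is an added example, not code from the issue or from UAA. The sample assertion, its URI-style claim names and the helper names are constructed, and it assumes a mapping only takes effect when its value equals the Attribute Name exactly.

```python
import xml.etree.ElementTree as ET  # use defusedxml for assertions from untrusted sources

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample assertion, not taken from the issue. The URI-style
# Attribute Name values are an assumption about what the IdP sends.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}givenname">
      <saml:AttributeValue>John</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}surname">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}emailaddress">
      <saml:AttributeValue>john.doe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# attributeMappings exactly as written in the ops file in the issue.
OPS_FILE_MAPPINGS = {"given_name": "givenname", "family_name": "surname", "email": "emailaddress"}

def assertion_attributes(xml_text):
    """Return {Attribute Name: [values]} for every attribute in the assertion."""
    root = ET.fromstring(xml_text)
    return {
        attr.get("Name"): [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        for attr in root.iterfind(".//saml:Attribute", NS)
    }

def check_mappings(mappings, attrs):
    """Per UAA field: ("match", values), or ("no exact match", names that
    differ from the configured name only by a URI prefix or letter case)."""
    report = {}
    for field, name in mappings.items():
        if name in attrs:
            report[field] = ("match", attrs[name])
        else:
            near = [n for n in attrs if n.rsplit("/", 1)[-1].lower() == name.lower()]
            report[field] = ("no exact match", near)
    return report

if __name__ == "__main__":
    for field, result in check_mappings(OPS_FILE_MAPPINGS, assertion_attributes(SAMPLE_ASSERTION)).items():
        print(field, result)
```

For a real deployment, replace the constructed assertion with the decoded assertion captured from the IdP response; any field reported as "no exact match" lists the full name to try in attributeMappings.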
