Salesforce SAML attributes when acting as IdP
Hello All
I was looking for some help with regard to configuring additional attributes that can be passed in a SAML response.
I have a working solution with Salesforce acting as IdP; however, I would like to change the SAML assertion to include additional attributes.
Currently, the default attributes included in the SAML response are userId, username, email, is_portal_user:
<saml:AttributeStatement>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="userId">
    <saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">xxxx</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="username">
    <saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">xxxx</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="email">
    <saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">xxxx</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="is_portal_user">
    <saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">false</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
How do I include additional attributes in this response?
Thanks
Shiva
You can add custom attributes to the SAML post through configuration of the Connected App.
Go to "Connected Apps" in the setup and click on the Connected App you want to add the attributes to.
Once you are in the connected app detail view, scroll down to the custom attributes section.
Click New and add the attribute and its value.
Save your changes.
Next time, when a SAML post is made to this app, it will automatically include the additional attributes you have added.
Good luck.
Venkat.
Do you know where I can do it in communities? I am trying to set up single sign-on with a couple of applications and I need more fields to be asserted. How can I do this?
A follow up question based on attributes.
The sample response for SAML 2.0 posted on '*/sso/sso_saml_assertion_examples.htm' is missing attributes like 'InResponseTo', due to which my SAML is failing.
Is that sample response not updated, or is the field not sent by Salesforce as an IdP?
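Added example, not part of the thread and not Salesforce code: a service-provider-side sketch in Python that serves both the custom-attribute answer and the InResponseTo question above. It reads only allow-listed attributes from the assertion and accepts a response only when InResponseTo matches a request the SP actually sent, treating a missing InResponseTo as an unsolicited (IdP-initiated) response. Assumptions: the XML signature has already been verified by a SAML library before these functions run, and the sample response, the "department" and "is_admin" attributes and the request id are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned, trimmed response. "department" is a hypothetical custom
# attribute added on the Connected App; "is_admin" is one the SP never asked for.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" InResponseTo="_req42">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:AttributeStatement>
      <saml:Attribute Name="username"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="department"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="is_admin"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

ALLOWED = {"userId", "username", "email", "is_portal_user", "department"}


def _parse(response_xml):
    # Refuse DTDs outright: a SAML message never needs one.
    if "<!DOCTYPE" in response_xml or "<!ENTITY" in response_xml:
        raise ValueError("DTD/entity declarations are not accepted")
    return ET.fromstring(response_xml)


def read_attributes(response_xml, allowed=ALLOWED):
    """Return {name: [values]} for allow-listed attributes of the top-level assertion."""
    attrs = {}
    path = "saml:Assertion/saml:AttributeStatement/saml:Attribute"
    for attr in _parse(response_xml).iterfind(path, NS):
        name = attr.get("Name")
        if name in allowed:
            values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
            attrs.setdefault(name, []).extend(values)
    return attrs


def check_in_response_to(response_xml, pending_ids, allow_unsolicited=False):
    """True if InResponseTo matches a request this SP sent (the id is consumed).
    A response without InResponseTo is unsolicited (IdP-initiated)."""
    irt = _parse(response_xml).get("InResponseTo")
    if irt is None:
        return allow_unsolicited
    if irt in pending_ids:
        pending_ids.discard(irt)  # single use, so a replayed response fails
        return True
    return False
```

An SP that only ever starts logins itself should leave `allow_unsolicited` off, so a response with no InResponseTo is rejected rather than silently accepted.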