sunshiva

Salesforce SAML attributes when acting as IdP

Hello All,

I was looking for some help with regard to configuring additional attributes that can be passed in a SAML response.

I have a working solution with Salesforce acting as IdP; however, I would like to change the SAML assertion to include additional attributes.

Currently, the default attributes included in the SAML response are userId, username, email, is_portal_user:

<saml:AttributeStatement>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="userId">
<saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">xxxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="username">
<saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">xxxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="email">
<saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">xxxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="is_portal_user">
<saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">false</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>

How do I include additional attributes in this response?

Thanks

Shiva

Venkat Penukonda
Hello Shiva,

You can add custom attributes to the SAML post through the configuration of the Connected App.

Go to "Connected Apps" in the setup and click on the Connected App you want to add the attributes to.
Once you are in the connected app detail view, scroll down to the custom attributes section.
Click New and add the attribute and its value.
Save your changes.

Next time, when a SAML post is made to this app, it will automatically include the additional attributes you have added.

Good luck.
Venkat.
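
An added example (not part of the thread and not Salesforce code): how a service provider could read the AttributeStatement from the question once a custom attribute has been added in the Connected App, passing only allow-listed names to the application. The attribute names `department` and `debug_flag`, the sample values and the allow-list are constructed, and the assertion's signature is assumed to have been verified before this step.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Names this service provider will accept. The first four are the defaults
# listed in the question; "department" is a hypothetical custom attribute.
ALLOWED = {"userId", "username", "email", "is_portal_user", "department"}

# Constructed sample shaped like the AttributeStatement in the question.
SAMPLE = (
    '<saml:AttributeStatement xmlns:saml="%s">'
    '<saml:Attribute Name="userId"><saml:AttributeValue>005EXAMPLE</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="is_portal_user"><saml:AttributeValue>false</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="department"><saml:AttributeValue>Support</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="debug_flag"><saml:AttributeValue>1</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement>' % SAML_NS
)


def read_attributes(statement_xml, allowed=ALLOWED):
    """Return {name: [values]} for allow-listed attributes only."""
    # Assertions never need a DTD; refusing one avoids entity-expansion issues.
    if "<!DOCTYPE" in statement_xml or "<!ENTITY" in statement_xml:
        raise ValueError("DTD not allowed in SAML input")
    root = ET.fromstring(statement_xml)
    if root.tag != "{%s}AttributeStatement" % SAML_NS:
        raise ValueError("not a SAML 2.0 AttributeStatement")
    attrs = {}
    for attr in root.findall("saml:Attribute", NS):
        name = attr.get("Name")
        if name not in allowed:
            continue  # never pass unknown attributes through to the app
        if name in attrs:
            # Conservative choice: a repeated name is ambiguous, so reject it.
            raise ValueError("duplicate attribute %r" % name)
        attrs[name] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return attrs


if __name__ == "__main__":
    for name, values in read_attributes(SAMPLE).items():
        print(name, values)
```
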
Sindhura Mutta 18
Hi Venkat, I am using Salesforce Communities and do not see this option.
Do you know where I can do it in Communities? I am trying to set up single sign-on with a couple of applications and I need more fields to be asserted. How can I do this?
Parth Jha
Hi Everyone,
A follow-up question based on attributes.

The sample response for SAML 2.0 posted on '*/sso/sso_saml_assertion_examples.htm' is missing attributes like 'InResponseTo', due to which my SAML is failing.
Is that sample response not updated, or is the field not sent by Salesforce as an IdP?