• Parth Jha
Hi Team,
The sample response for SAML 2.0 posted on '*/sso/sso_saml_assertion_examples.htm' is missing attributes like 'InResponseTo' due to which SAML is failing.
Is that sample response not updated, or is the field not sent by Salesforce as an IDP?

Below are the fields that I had to add in the sample response to make it work.

samlp:Response 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
InResponseTo="id-21709915c60494f3646ca60432d2e6ba"


SubjectConfirmation
InResponseTo="id-21709915c60494f3646ca60432d2e6ba"

AttributeStatement
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
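
A service-provider-side check for the `InResponseTo` correlation discussed in the post above, as an added example that is not part of the original post and is not Salesforce code. The function names, the in-memory `pending_ids` store and the strict "both copies must agree" policy are assumptions; in the SAML 2.0 schema the assertion-level copy sits on `saml:SubjectConfirmationData`, and signature validation is assumed to have been done before this step.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def sample_response(resp_irt=None, scd_irt=None):
    """Constructed, unsigned sample Response (not captured from a real IdP)."""
    a = ' InResponseTo="%s"' % resp_irt if resp_irt else ""
    b = ' InResponseTo="%s"' % scd_irt if scd_irt else ""
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0"%s>'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        '<saml:SubjectConfirmationData%s/></saml:SubjectConfirmation>'
        '</saml:Subject></saml:Assertion></samlp:Response>'
    ) % (NS["samlp"], NS["saml"], a, b)

def check_in_response_to(response_xml, pending_ids, allow_unsolicited=False):
    """Return the matched AuthnRequest ID, or None for an accepted
    unsolicited (IdP-initiated) response. Raises ValueError otherwise."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    # Collect the Response-level value and every SubjectConfirmationData value.
    values = [root.get("InResponseTo")]
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        values.append(scd.get("InResponseTo"))
    present = {v for v in values if v is not None}
    if not present:
        # No InResponseTo anywhere: an IdP-initiated response.
        if allow_unsolicited:
            return None
        raise ValueError("InResponseTo missing; unsolicited responses disabled")
    # Assumed strict policy: every location must carry the same single value.
    if None in values or len(present) != 1:
        raise ValueError("inconsistent InResponseTo values: %r" % values)
    request_id = present.pop()
    if request_id not in pending_ids:
        raise ValueError("InResponseTo matches no outstanding AuthnRequest")
    pending_ids.discard(request_id)  # one-time use, so a replay fails
    return request_id
```

A service provider that enforces this check rejects a response without `InResponseTo` unless unsolicited (IdP-initiated) responses are explicitly allowed, which matches the failure described in the post.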

Hello All,

I was looking for some help with regard to configuring additional attributes that can be passed in a SAML response.

I have a working solution with Salesforce acting as IdP; however, I would like to change the SAML assertion to include additional attributes.

Currently, the default attributes included in the SAML response are userId, username, email, is_portal_user:

<saml:AttributeStatement>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="userId">
<saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">xxxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="username">
<saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">xxxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="email">
<saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">xxxx</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="is_portal_user">
<saml:AttributeValue xsi:type="xs:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">false</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>

How do I include additional attributes in this response?

Thanks

Shiva