Affects Version/s: None
Fix Version/s: Master
Component/s: Application Security > SAML
Sprint:AppSec Iteration 54, AppSec Iteration 55, AppSec Iteration 56, AppSec Iteration 57, AppSec Iteration 58, AppSec Iteration 59, AppSec Iteration 60, AppSec Iteration 61, AppSec Iteration 62, AppSec Iteration 63, AppSec Iteration 64, AppSec Iteration 65, AppSec Iteration 66, AppSec Iteration 67, AppSec Iteration 68, AppSec Iteration 69, AppSec Iteration 70
The Attribute Mapping field of the SAML provider settings can have arbitrary entries in the mapping with verifications on portal side attributes. The values of the given SAML provider asserts will be saved to the appropriate portal User attribute values at synchronization when the user signs in. There will be a separated field for the User attributes like it is working in LDAP configuration already.
The followings can be a later considerations:
- To create custom fields for the the basic fields, that can be managed in the Attribute Mapping field already.
- To have some notification to Instance Administrator if there is an exception at creating the portal User. For example in case of invalid values for any of the fields.
Same as the AC of
- As an Instance Administrator, I want to set portal User attribute from a predefined list to SAML assert mapping at the SAML provider settings according to which the assertion values are saved as portal User attribute values.
- As an Instance Administrator, I want to have a verification at saving the SAML provider settings which checks the portal User attributes if they are existing portal User attributes. (Note: in the current implementation there is no way to send a non-existing attribute as the attributes can be chosen from a predefined list. However, it may be possible to do that in a hacky way so we may need the protection on server side.)
- As an Instance Administrator, I want to have a verification at saving the SAML provider settings which checks for duplicated portal User attributes in the mapping.
- As an End User, I want my data in IdP synced to my portal user when I sign in.
- As an Instance Administrator, I want to be able to have the previous way of working as default working after an upgrade.
- As an Instance Administrator, I want to be able to continue using the previous way of working after an upgrade.