cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Configuration for XSUAA for User Name value

Go to solution
BryanPierce
Explorer

on ‎12-02-2023 12:00 AM

0 Kudos

We are using a corporate IdP as the default IdP for application users and have successfully configured the system to allow SSO for our application. However, the User Name field in the subaccount is displaying a GUID value instead of the value we'd like to see. We've successfully used the Enrich Token Claims for the OpenID connect config that updates the email the way we'd like but cannot figure out how the User Name field gets is value. Does anyone know the proper claim (Azure AD) to map to or possibly a different way to achieve this? 2023-12-01-15-58-16.jpg

Show replies
Show replies
gregorw
Active Contributor
‎12-02-2023 7:46 PM
0 Kudos

Have you connected the Azure AD (which is now called Entra ID) directly to the BTP Subaccount or via Identity Authentication?

BryanPierce
Explorer
‎12-04-2023 3:43 PM
0 Kudos

Yes. We have Identity Authentication (IAS) setup - and it's working good. We're getting the family_name, given_name, and now the email, via the Enriched Token config. Just having issues with getting the User Name.

Answer

Accepted Solutions (1)

Accepted Solutions (1)

marhol
Product and Topic Expert
Product and Topic Expert
‎12-04-2023 8:38 PM
0 Kudos

have you checked following SAP note: 3014151 - First Name, Last Name and E-mail are not correctly displayed in BTP Cockpit or populated i... -> "In addition, the Subject Name ID is mapped to "user_name" ..

so which attribute are you using for Subject Name Identifier? looks like something, like UUID or Global User ID. So you might switch you SNI in the XSUAA application in IAS to email (or what's coming from your corp IDP depending on your config -> See Configure the Subject Name Identifier Sent to the Application | SAP Help Portal )

Show replies
Show replies
BryanPierce
Explorer
‎12-07-2023 8:25 PM

Thanks, Marco. That SAP note hint did the trick. We needed to turn on Federated Identity and use the advanced config to set the proper subject name identifier. Then back tracked and set the proper Attributes to map the First, Last, and Email (as we lost the implicit mapping with these changes). But, we now have all fields in the sub account populating properly.

Appreciated the helpful suggestions from both of you.

Not sure how to mark your response as a good answer...

Answers (0)

Ask a Question