on 12-20-2023 4:01 PM
Hi,
we are implementing an MDK application deployed on subaccount "A" that consumes an OData service deployed on subaccount "B".
Subaccount "A" has a custom IdP that is federated with ADFS. A custom assertion attribute has been inserted in the federation.
In other applications deployed on subaccount "A" I can see the custom assertion attribute.
I want the service on subaccount "B" to read the custom assertion attributes. To do this I've created, in Mobile Connectivity, a destination with OAuth2 SAML Bearer Assertion. I've established a trust with this new destination in subaccount "B" and the authentication is correctly propagated, but in the service I can't see the custom assertion attribute.
How can I propagate the assertion attributes?
The OAuth2 SAML Bearer Assertion flow is: Mobile Services generates a SAML assertion based on the current login context.
The current login context contains the SAML attributes received from the IdP during login to Mobile Services.
So the SAML assertion Mobile Services sends to the 'Token Service URL' will contain the SAML attributes from the IdP.
But whether the Token Service will maintain the SAML attributes is up to the implementation of the Token Service.
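To localise where an attribute is lost in the flow described in that reply, it helps to compare the two artefacts on either side of the Token Service: the SAML assertion that Mobile Services sends (its AttributeStatement) and the access token that comes back. The script below is an added diagnostic example, not code from the original thread or from SAP; it assumes an XSUAA-style token that carries user attributes in the `xs.user.attributes` claim, and both the assertion and the token it checks are constructed inline (the token is unsigned, so the decoder deliberately does not verify a signature and must never be used for authorisation decisions).

```python
import base64
import json
import xml.etree.ElementTree as ET

SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion, shaped like the one Mobile Services would
# post to the Token Service URL. Only the AttributeStatement matters here;
# Subject, Conditions and Signature of a real assertion are omitted.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0">
  <saml2:Issuer>https://mobile-services.invalid/constructed</saml2:Issuer>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="postOfficeBox">
      <saml2:AttributeValue>IT00000000000</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="email">
      <saml2:AttributeValue>user@example.invalid</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def saml_attributes(assertion_xml: str) -> dict[str, list[str]]:
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs: dict[str, list[str]] = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml2:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values
    return attrs


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, UNSIGNED compact JWT for offline testing only.
    A real XSUAA token is RS256-signed; this helper exists so the check runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying its signature.
    Diagnostic use only: never trust these claims for access control."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS/JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_user_attributes(token: str) -> dict[str, list[str]]:
    # Assumption: user attributes land in the XSUAA claim "xs.user.attributes".
    return jwt_claims(token).get("xs.user.attributes", {})


def dropped_attributes(assertion_xml: str, token: str) -> list[str]:
    """Attribute names present in the sent assertion but missing from the token.
    A non-empty result points at the Token Service (or its xs-security.json),
    not at the IdP or Mobile Services, as the hop where the attribute was lost."""
    sent = saml_attributes(assertion_xml)
    received = token_user_attributes(token)
    return sorted(name for name in sent if name not in received)


if __name__ == "__main__":
    # Constructed token in which the token service kept postOfficeBox but not email.
    token = make_unsigned_token({"xs.user.attributes": {"postOfficeBox": ["IT00000000000"]}})
    print("sent:    ", saml_attributes(SAMPLE_ASSERTION))
    print("received:", token_user_attributes(token))
    print("dropped: ", dropped_attributes(SAMPLE_ASSERTION, token))
```

In practice you would capture the real assertion from the Mobile Services trace and the real token from the service's Authorization header; if `dropped_attributes` reports the custom attribute, the IdP and Mobile Services did their part and the token service configuration is where to look next.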
I've configured the custom assertion attribute properly in the Corporate Identity Provider and in the IdP. In other applications I can see the custom attributes.
In the MDK application, in the Security tab, I've inserted the following xs-security.json:
{
  "xsappname": "anasgallerie",
  "tenant-mode": "dedicated",
  "scopes": [
    {
      "name": "$XSAPPNAME.gallerie_user",
      "description": "gallerie_user"
    }
  ],
  "attributes": [
    {
      "name": "postOfficeBox",
      "description": "PIVA",
      "valueType": "s",
      "valueRequired": true
    }
  ],
  "role-templates": [
    {
      "name": "gallerie_user",
      "description": "generated",
      "scope-references": [
        "$XSAPPNAME.gallerie_user"
      ],
      "attribute-references": [
        {
          "name": "postOfficeBox"
        }
      ]
    }
  ],
  "role-collections": [
    {
      "name": "ANAS_GALLERIE",
      "description": "User Gallerie",
      "role-template-references": [
        "$XSAPPNAME.gallerie_user"
      ]
    }
  ]
}
Below is the xs-security.json of the provider service:
{
  "xsappname": "ANAS-Gallerie",
  "tenant-mode": "dedicated",
  "description": "Security profile of called application",
  "foreign-scope-references": ["user_attributes"],
  "scopes": [
    {
      "name": "uaa.user",
      "description": "UAA"
    }
  ],
  "role-templates": [
    {
      "name": "Token_Exchange",
      "description": "UAA",
      "scope-references": [
        "uaa.user"
      ]
    }
  ]
}
But I can't see the attributes on the provider service.