-
|
I am following the documentation for configuring SSO with a Generic SAML Provider. I have a requirement to receive a custom claim (OrgId), that can somehow be accessible on the authenticated user. It this possible with the BoxyHQ NextAuth integration? There is a note in the claims mapping docs saying Thanks in advance for any advice or pointers. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
@jamshally We do return all the claims that the SAML Provider returns under raw attribute. See https://boxyhq.com/docs/jackson/sso-flow#33-profile-request |
Beta Was this translation helpful? Give feedback.
-
|
Hi @niwsa. Thank you so much for that quick response, that is very helpful. It seems the raw attribute will provide access to the custom claims when received. So, how is this handled from the point of view of Service Provider Metadata? With the SAML flows, if I understand correctly, the SP Metadata should reflect all of the expected Claims. So, in this circumstance, we would want to indicate to the IDP (via Metadata), that an |
Beta Was this translation helpful? Give feedback.
-
|
@jamshally The custom attributes can be mapped anytime, the SAML metadata file doesn't need to reflect it. What we do is extract all attributes that come through and group them under the raw attribute when you get the userinfo from us. We standardise |
Beta Was this translation helpful? Give feedback.
@jamshally We do return all the claims that the SAML Provider returns under raw attribute. See https://boxyhq.com/docs/jackson/sso-flow#33-profile-request