SamlCredential does not retrieve group attributes from Okta SAML response

Question

I am using Okta as IDP and I have configured the user attribute statements and group attribute statements like this

And by providing a custom samluserdetails I am able to retrieve user attributes but not group attributes.

public class CustomSamlUserDetails implements SAMLUserDetailsService {
    @Override
    public Object loadUserBySAML(SAMLCredential cred) throws UsernameNotFoundException {
        AppUser user = new AppUser();
        user.setFirstName(cred.getAttributeAsString("firstName"));
        user.setLastName(cred.getAttributeAsString("lastName"));
        user.setLoginId(cred.getAttributeAsString("loginId"));

        String groupname = cred.getAttributeAsString("role"); // comes null


        return user;
    }
}

Is there some config I missed or am I retrieving the group info in a wrong way?

EDIT: If I use contains filter with some characters for example I have 3 groups test1, test2 and other1. If I use contains filter *, I get null. However if I use contains filter with test , I get test1 (and test2, if user is path of both groups). Is wildchar not supported in case of groups? What if in above case user was part of all 3 groups?

Ayyaz Mahmood Paracha · Accepted Answer · 2018-02-06T12:51:30.387

2

I am not an expert of OKTA but I statred working couple of weeks for one of my clients. I tested with * but it only worked for me for filter Regex. For other filters I never succeeded with *. For example the configuration without * worked perfectly for me.

OKTA CONFIG

I used the code String str = credential.getAttributeAsString("Groups");

But I have one issue that when I have more then one group I still get one group. I want to have list of groups instead.

EDIT - O6 Feb

Finally I restested and I am able to implement wildcard entry with regex I used the regex filter :

In java I got the groups as you suggested :

         String[] str = credential.getAttributeAsStringArray("groups");

     for(int i = 0; i< str.length; i++){
         System.out.println(str[i]);
     }

The result is :

Have a great day

edited Feb 06 '18 at 12:51

answered Jan 25 '18 at 14:36

Ayyaz Mahmood Paracha

116
1
7

you can have a list of groups by using `getAttributeAsStringArray`. However the issue of getting all groups still remains. See my edit part in question. – tryingToLearn Feb 05 '18 at 11:08
Please have a look at my edited post. Hopefully this will solve your problem. – Ayyaz Mahmood Paracha Feb 06 '18 at 12:52

SamlCredential does not retrieve group attributes from Okta SAML response

1 Answers1