- Issue created by @minkahb
- π³π±Netherlands roderik Amsterdam,NL / Budapest,HU
You cannot map anything at admin/config/people/saml/authmap; this must be a misunderstanding. admin/config/people/saml/authmap is just a list of entries (links) for people who have logged in already (or are allowed to log in), and you cannot add any 'links' here through the UI.
The message you are seeing just means "the list of existing links (authmap entries) is empty".
And the apply button does not save anything, it is just a filter for the list of links (which in your case is empty).Question: how is your IdP sending the email address as the unique identifier? (When in doubt, this can be found out with the debug settings: log incoming SAML messages, then try to log in, and then inspect the XML that was received during the process, in the Drupal log.)
Does it send the e-mail address (which you want to use as the unique iD) in a SAML attribute? Then configure that attribute name in 'Unique ID attribute' at admin/config/people/saml
Does it send the e-mail address (which you want to use as the unique iD) in the SAML "NameID" value? This module does not support that yet. You can
- use the patch at https://www.drupal.org/project/samlauth/issues/3211380#comment-14359347 π± NameID support Fixed
- Set the value "NameID" (see patch) in the 'Unique ID attribute' configuration
- test.
- Keep in mind that in the future, when π± NameID support Fixed is properly fixed and you update this module, things will likely break until you update the configuration (to 'use the NameID' in the properly implemented way).
- πΊπΈUnited States minkahb
Thanks for the response. I will try what you suggested.
- πΊπΈUnited States minkahb
Hi,
I was able to get this to work once I had access to my internal Okta configuration, where I was able to create a custom attribute for the email address.
Thanks for your help!
- Status changed to Closed: outdated
12 months ago 10:15pm 26 December 2023 - π³π±Netherlands roderik Amsterdam,NL / Budapest,HU
FWIW π± NameID support Fixed is committed now so future users will hopefully not run into this.