[OPENAM-8340] Update a dynamically created user's attributes if they are updated on IDP. Created: 11/Feb/16  Updated: 14/Apr/17

Status: Open
Project: OpenAM
Component/s: SAML
Affects Version/s: 11.0.3, 12.0.2, 13.0.0
Fix Version/s: None

Type: Improvement
Priority: Major
Reporter: Jonathan Thomas
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: AME, CustomerRFE
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Target Version/s:
Support Ticket IDs:

 Description   

Customer would like the ability for a dynamically created user's attributes to be updated if they are changed on the IDP.

Customer notes:

Set up an IDP and SP with SAML SSO, with dynamic profile on the SP side. SSO works as expected and creates a user dynamically; however, the SP does not update the attributes of an existing user that was created dynamically by the SSO process in a previous session.

1. First do an SSO session. It works fine; the SP creates a user with attributes.
2. Log out from both IDP and SP.
3. Change the attributes of the user in the IDP.
4. Do an SSO session with the same user. It logs in successfully, but it does not update the attributes.



 Comments   
Comment by Pravin Pawar [X] (Inactive) [ 16/Sep/16 ]

What's the expected target date for this?

Comment by Peter Major [ 24/Oct/16 ]

A potential workaround could be to use SAML2 authentication module (integrated mode) and then have a Scripted authentication module in the chain that updates the attributes (given that the user profile already exists).

Comment by Peter Major [ 24/Oct/16 ]

Other workarounds would involve writing a custom SPAttributeMapper that persists the mapped attributes if the user profile already exists.
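
A sketch of the custom SPAttributeMapper workaround mentioned in the comments, added here as an example; it is not code from the ticket, its commenters or the OpenAM project. It restricts what the IdP can overwrite to an allowlist, so a changed assertion refreshes ordinary profile fields without touching any other local attribute. Assumptions: the 13.0.0 generic `getAttributes` signature, that `userID` is in the form the SAML2 `DataStoreProvider` accepts, and the class name and allowlist contents, which are hypothetical.

```java
import com.sun.identity.plugin.datastore.DataStoreProvider;
import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.plugins.DefaultSPAttributeMapper;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Hypothetical mapper: maps as the default does, then refreshes an existing profile. */
public class UpdatingSPAttributeMapper extends DefaultSPAttributeMapper {

    // Assumed allowlist of local profile attributes the IdP may overwrite.
    // Anything else the SP maps still reaches the session but is never persisted.
    private static final Set<String> SYNCED =
            new HashSet<String>(Arrays.asList("mail", "givenName", "sn", "telephoneNumber"));

    @Override
    public Map<String, Set<String>> getAttributes(List<Attribute> attributes, String userID,
            String hostEntityID, String remoteEntityID, String realm) throws SAML2Exception {
        // Default behaviour: apply the SP's configured attribute map.
        Map<String, Set<String>> mapped =
                super.getAttributes(attributes, userID, hostEntityID, remoteEntityID, realm);
        if (mapped == null || userID == null) {
            return mapped;
        }
        Map<String, Set<String>> toStore = new HashMap<String, Set<String>>();
        for (Map.Entry<String, Set<String>> e : mapped.entrySet()) {
            if (SYNCED.contains(e.getKey())) {
                toStore.put(e.getKey(), e.getValue());
            }
        }
        try {
            DataStoreProvider store = SAML2Utils.getDataStoreProvider();
            // Only touch existing profiles; first-time creation stays with dynamic profile.
            if (!toStore.isEmpty() && store.isUserExists(userID)) {
                store.setAttributes(userID, toStore);
            }
        } catch (DataStoreProviderException ex) {
            // Design choice: a failed refresh is logged and SSO continues with stale data.
            SAML2Utils.debug.error("UpdatingSPAttributeMapper: profile refresh failed", ex);
        }
        return mapped;
    }
}
```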

Generated at Thu Aug 17 18:19:22 BST 2017 using JIRA 7.3.6#73017-sha1:51437cf70ba5689aadb808c1cc05a46d676f5739.