[OPENAM-8340] Update a dynamically created user's attributes if they are updated on IDP. Created: 11/Feb/16  Updated: 05/Jun/18

Status: Open
Project: OpenAM
Component/s: SAML
Affects Version/s: 11.0.3, 12.0.2, 13.0.0
Fix Version/s: None

Type: Improvement Priority: Major
Reporter: Jonathan Thomas Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: AME, CustomerRFE
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Support Ticket IDs:


Customer would like the ability for a dynamically created user's attributes to be updated if they are changed on the IDP.

Customer notes:

Set up an IDP and SP with SAML SSO with dynamic profile at the SP side. SSO works as expected and it creates a user dynamically; however, the SP does not update the attributes of an existing user that was created dynamically by the SSO process in a previous session.

1. First do an SSO session. It works fine; the SP creates a user with attributes.
2. Log out from both IDP and SP.
3. Change the attributes of the user in the IDP.
4. Do an SSO session with the same user. It logs in successfully, but it does not update the attributes.

Comment by Pravin Pawar [X] (Inactive) [ 16/Sep/16 ]

What's the expected target date for this?

Comment by Peter Major [ 24/Oct/16 ]

A potential workaround could be to use SAML2 authentication module (integrated mode) and then have a Scripted authentication module in the chain that updates the attributes (given that the user profile already exists).

Comment by Peter Major [ 24/Oct/16 ]

Other workarounds would involve writing a custom SPAttributeMapper that persists the mapped attributes if the user profile already exists.

Comment by Charan Mann [ 18/Aug/17 ]

This may help: https://forum.forgerock.com/2017/05/openam-sp-saml-attribute-mapper-extension-updating-profile-attributes/  
