SAML username is generic
brianray opened this issue · comments
Using package allauth.socialaccount.providers.saml

    SOCIALACCOUNT_PROVIDERS = {
        'saml': {
            "VERIFIED_EMAIL": True
        }
    }
Here are my settings from my SAML social applications, settings in the django admin:
    {"idp": {"name": "Example IdP",
             "slo_url": "https://wac.example.com/sso_cond2fa_2023/SingleLogoutService",
             "sso_url": "https://wac.example.com/sso_cond2fa_2023/SingleSignOnService",
             "x509cert": "-----BEGIN CERTIFICATE-----XXXXXXXXX==-----END CERTIFICATE-----",
             "entity_id": "https://wac.example.com"},
     "attribute_mapping": {"uid": "http://schemas.auth0.com/clientID",
                           "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                           "surname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                           "username": "http://schemas.auth0.com/clientID",
                           "firstname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"}}
The username populated in the default django User table shows as 'user876' etc. I would like that to be something else, like email, or surname + first name, etc. I do see that data as JSON in my social accounts model through the admin under extra_data.
Can you show an (anonymized) dump of what is under extra_data? For username, the username from the attribute mapping should be picked, though if that username already exists it will fall back to another.
Sure here:
{"uid": ["A823413"], "email": ["nobody@eviden.com"], "surname": ["Ray"], "firstname": ["Brian"]}
Can a username be created by calling some function, or can email be used instead? The SSO server (which I have no control over) seems not to be returning anything named 'username'.
Your attribute mapping does not map any of those keys you pasted. So, if you want to use email, or surname for username, you should add that to the mapping:
"attribute_mapping": {"username": "surname"}, ...}
Additionally, you could hook up to the pre_social_login() adapter method, and alter the username in a more dynamic fashion.
All in all, I don't think there is an issue in allauth to solve here.
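One way to do the dynamic approach mentioned in the last reply, as an added example that is not code from the thread or from allauth: it derives a username from extra_data shaped like the dump above, treating the IdP-supplied values as untrusted input. The function names and the `is_taken` callback (for instance a lookup against the User table) are hypothetical; `set_username_from_saml` is meant to be called from your own `pre_social_login(request, sociallogin)` override.

```python
import re
from types import SimpleNamespace

MAX_LEN = 150  # length limit of Django's default User.username field


def _first(extra_data, key):
    """SAML attributes arrive as lists; return the first non-empty string."""
    values = extra_data.get(key) or []
    values = [values] if isinstance(values, str) else values
    return next((v.strip() for v in values if isinstance(v, str) and v.strip()), "")


def derive_username(extra_data, is_taken):
    """Pick email, else firstname.surname, else uid; keep it unique."""
    candidate = (
        _first(extra_data, "email")
        or ".".join(p for p in (_first(extra_data, "firstname"),
                                _first(extra_data, "surname")) if p)
        or _first(extra_data, "uid")
    ).lower()
    # IdP-supplied text is untrusted: keep only characters Django's
    # default username validator accepts (letters, digits, @ . + - _).
    candidate = re.sub(r"[^\w.@+-]", "", candidate)[:MAX_LEN]
    if not candidate:
        return None  # nothing usable; leave the username to allauth
    username, n = candidate, 1
    while is_taken(username):  # collision: append 2, 3, ... within MAX_LEN
        n += 1
        username = candidate[:MAX_LEN - len(str(n))] + str(n)
    return username


def set_username_from_saml(sociallogin, is_taken):
    """Body for a pre_social_login(request, sociallogin) override."""
    if sociallogin.is_existing:
        return  # never rename an account that is already linked
    username = derive_username(sociallogin.account.extra_data, is_taken)
    if username:
        sociallogin.user.username = username


# Constructed sample, shaped like the extra_data pasted in the thread.
SAMPLE = SimpleNamespace(
    is_existing=False, user=SimpleNamespace(username=""),
    account=SimpleNamespace(extra_data={
        "uid": ["A823413"], "email": ["nobody@eviden.com"],
        "surname": ["Ray"], "firstname": ["Brian"]}))
```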