Uploaded image for project: 'SAML for Atlassian Data Center'
  1. SAML for Atlassian Data Center
  2. SAMLDC-43

Allow remapping of username attribute in SSO

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • Icon: Low Low
    • None
    • None
    • None
    • None

      Currently, you must have your SSO attribute be username in order to pull in the username. If the username is set to example@example.com, but the username in Bitbucket is example, it cannot be synced receiving the following:

      ERROR [http-nio-7101-exec-6] @NA67I8x1222x1487x0 11vbk2y 100.127.66.23,100.64.18.192,127.0.0.1 "POST /plugins/servlet/samlconsumer HTTP/1.1" c.a.p.a.i.w.f.ErrorHandlingFilter Received SAML assertion for user example@example.com, but the user doesn't exist in the product
com.atlassian.plugins.authentication.impl.web.usercontext.AuthenticationFailedException: Received SAML assertion for user example@example.com, but the user doesn't exist in the product

      Example: A user has the email example@example.com and username TEST1 in our apps. If the IdP has the user with email example@example.com but there is no reference to TEST1 at all in the attributes, there's no way to tell our apps to use the email field rather than the username field for a match with the IdP.

      The suggestions would be to allow Atlassian apps to be configurable to change from the default username to other fields such as email to meet scenarios like this example.

            [SAMLDC-43] Allow remapping of username attribute in SSO

            No work has yet been logged on this issue.

              Unassigned Unassigned
              alevinson Aaron
              Votes:
              21 Vote for this issue
              Watchers:
              20 Start watching this issue

                Created:
                Updated: