Support Article
SAML Assertion schema incorrect for AttributeValue element
SA-48106
Summary
The SAML assertion schema is incorrect for the AttributeValue element. A user is implementing SSO using a SAML 2.0 authentication service.
The SAML assertion returned by the IdP contains repeating elements (AD groups).
However, when the OOTB activity Code-Security.pyCreateDatapages parses and maps the assertion, only the first value of a repeating element is stored in the Attribute Value field.
The user requires the ability to map all the AD groups returned in the assertion.
Error Messages
Data is not mapped properly. Only the first value is mapped; the rest are blank.
2017-11-18 11:37:08,936 [m/IP:port>] [ STANDARD] [ ] [thenticated:01.01.01] (nActivity.Code_Security.Action) DEBUG server.com|<IP> - Attribute values received --
userId : somename
organization :
division :
unit :
Steps to Reproduce
Implement SAML SSO and configure the IdP to return an Attribute group with multiple AD groups.
The activity Code-Security.pyCreateDatapages parses the assertion but maps only the first value, which is stored in the Attribute Value field.
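The behavior can be reproduced outside the product with a small parser. The following is an added example, not Pegasystems' code: it maps a constructed SAML 2.0 AttributeStatement once with first-value-only logic and once collecting every AttributeValue. The attribute name "groups", the group DNs and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ATTR_PATH = ".//saml:AttributeStatement/saml:Attribute"

# Constructed sample assertion fragment (unsigned, for illustration only).
# The attribute name "groups" and the group DNs are assumptions.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2017-11-18T11:37:08Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="userId">
      <saml:AttributeValue>somename</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>CN=App-Users,OU=Groups,DC=example,DC=test</saml:AttributeValue>
      <saml:AttributeValue>CN=App-Managers,OU=Groups,DC=example,DC=test</saml:AttributeValue>
      <saml:AttributeValue>CN=App-Auditors,OU=Groups,DC=example,DC=test</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def first_value_only(assertion_xml):
    """Symptom described above: one value kept per Attribute, the rest dropped."""
    mapped = {}
    for attr in ET.fromstring(assertion_xml).iterfind(ATTR_PATH, NS):
        value = attr.find("saml:AttributeValue", NS)  # find() returns the first match only
        mapped[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    return mapped

def all_values(assertion_xml):
    """Expected mapping: every AttributeValue, in document order, per attribute name."""
    mapped = {}
    for attr in ET.fromstring(assertion_xml).iterfind(ATTR_PATH, NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        # extend() also merges a Name that is repeated across Attribute elements
        mapped.setdefault(attr.get("Name"), []).extend(values)
    return mapped

def dropped_values(assertion_xml):
    """Attribute name -> number of values a first-value-only mapper loses."""
    return {name: len(vals) - 1 for name, vals in all_values(assertion_xml).items() if len(vals) > 1}

if __name__ == "__main__":
    print(first_value_only(SAMPLE_ASSERTION)["groups"])
    print(all_values(SAMPLE_ASSERTION)["groups"])
    print(dropped_values(SAMPLE_ASSERTION))
```

The sample is unsigned; in a real SSO flow the attributes are read only after the assertion's signature has been validated.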
Root Cause
A defect in Pegasystems’ code or rules
Resolution
Apply HFix-39609.
Published July 23, 2018 - Updated October 8, 2020