Not able to get custom SAML response

Sai Prasanna sastry S S 1 Reputation point
2021-03-29T18:37:16.407+00:00

Firstly, I'm not able to add http://schemas.microsoft.com/ws/2008/06/identity/claims/role, as it says it's a reserved claim.

Secondly, my custom values (role/user.role) are not seen in the SAML assertion.

82417-screenshot-2021-03-30-at-120629-am.png

Microsoft Entra ID

2 answers

  1. Sai Prasanna sastry S S 1 Reputation point
    2021-03-29T18:45:03.76+00:00

    Actually, after logging in and out,
    I got the value for user.rolew (i.e. the value that I typed).

    user.assignedroles

    I did not get any response for the role field whose value corresponded to user.assignedroles.


  2. Siva-kumar-selvaraj 15,686 Reputation points
    2021-03-30T09:25:20.753+00:00

    Hello @Sai Prasanna sastry S S ,

    Thanks for reaching out.

    You need not specify anything in the "User Attributes & Claims" UI to emit the http://schemas.microsoft.com/ws/2008/06/identity/claims/role claim, as Azure AD emits a role claim by default, out of the box, when you create an App role and assign users or groups of users to roles, as per these articles.

    Here is a test from my lab, and I was able to get the custom role claim under the above namespace.

    82732-image.png

    In addition to that, if you try to add it explicitly from the "User Attributes & Claims" UI, then you get the below error, as this claim set and namespace is SAML restricted (http://schemas.microsoft.com/ws/2008/06/identity/claims/role); hence it can't be defined and added from either the "User Attributes & Claims" UI or a Custom Policy.

    82685-image.png
    82637-image.png

    Hope this helps.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
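
To confirm which claims actually arrive in the assertion, the base64 `SAMLResponse` form value can be decoded and its attributes listed. This is an added example, not code from the thread or from Microsoft; the sample assertion and the function names `saml_claims` and `check_role_claim` are constructed for illustration, and no signature validation is done, so it is a debugging aid only.

```python
import base64
import xml.etree.ElementTree as ET

ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not captured from a real tenant).
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
        <saml:AttributeValue>Admin</saml:AttributeValue>
        <saml:AttributeValue>Reader</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="role">
        <saml:AttributeValue>typed-value</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()


def saml_claims(saml_response_b64):
    """Return {attribute name: [values]} from a base64 SAMLResponse (HTTP-POST binding)."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # Refuse DTDs so entity-expansion tricks never reach the parser.
    # The result is NOT trusted data: the signature is not checked here.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in SAML response")
    root = ET.fromstring(xml_bytes)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def check_role_claim(claims):
    """Report whether the default role claim was emitted in the assertion."""
    roles = claims.get(ROLE_CLAIM)
    if roles:
        return "role claim present: " + ", ".join(roles)
    return "role claim missing: check that the user has an app role assignment"


if __name__ == "__main__":
    print(check_role_claim(saml_claims(SAMPLE_B64)))
```

An encrypted assertion yields no attributes with this parser, so an empty result can also mean token encryption is enabled for the application.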

