Unable to parse one of the required claims for the SAML authentication

Question

Hi there,

I'm helping one of my clients with the SAML 2.0 SSO integration with my cloud-based app. The integration is successful, but there is a small group of users who aren't able to authenticate to the app due to the missing country attribute.
The country is a mandatory attribute to authenticate into this app. And the app expects it to be in one of the following formats:
• ISO 3166 alpha-3 (USA)
• ISO 3166 alpha-2 (US)
• ISO 3166 numeric (840)
When we checked in the Azure AD, we can see the country attribute is populated correctly for the user and NOT missing on the AD side however, during the authentication process, it does not reach the app.
And strangely there are users with the same country code (let's say MA or MX) who are able to log in. It's just a subset of the users irrespective of their country aren't authenticated.
Anyone would know what could cause this attribute to go missing only for few users during the authentication?

Appreciate your support. Thank you!

Answer 1

@Sagar Deokar Thanks for reaching out.

As you have a working and non working scenario, Can you collect the SAML request in both case as well as the SAML response and compare them if there is any difference. Share us the result if you want us to have a look.

From the SAML request, confirm that the App is requesting the correct policy and in correct format for non-working scenario. More will be discovered once we have the results.

-----------------------------------------------------------------------------------------------------------------

If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community