Reading attribute from remote user flow

Ilkka Lindblom don at
Wed Nov 23 11:10:39 UTC 2022


I have been posed with the following problem. In our IdP, we use the 
RemoteUser login flow. The external system called authenticates user and 
returns REMOTE_USER that is used to find rest of user details from LDAP 
in attribute resolver.

Now, we are asked to provide an attribute in our SAML response for user 
that is not available in LDAP, but is provided by the authentication 
component either as a value besides REMOTE_USER, or even as a part of 
it, for example "username;othervalue".

I did some reading and while the remote user flow can be configured to 
look for the principal in other places besides REMOTE_USER, I cannot see 
a way to read an attribute.

I notice that External login flow, that RemoteUser flow is to my 
understanding based on, has an output called "attributes", but this does 
not exist in RemoteUser.

Any advice to point in the right direction would be much appreciated.

Ilkka Lindblom

More information about the users mailing list