Solved: User creation based on SAML Attributes

Velkumar · ‎Jul 16, 2020

Hi all,

We have configured Thingworx SSO with Azure AD. Now when new user logged in, Thingworx creates user entity based on user's full name. How we can make Thingworx to create user entity based on email ID or only first name or some other SAML attribute.

SAML Message

 <Subject>
            <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">USERREQUIRED</NameID>
            <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <SubjectConfirmationData InResponseTo="REMOVED"
                                         NotOnOrAfter="2020-07-16T13:32:57.070Z"
                                         Recipient="REMOVED"
                                         />
            </SubjectConfirmation>
        </Subject>
        <Conditions NotBefore="2020-07-16T12:27:57.070Z"
                    NotOnOrAfter="2020-07-16T13:32:57.070Z"
                    >
            <AudienceRestriction>
                <Audience>REMOVED</Audience>
            </AudienceRestriction>
        </Conditions>
        <AttributeStatement>
            <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
                <AttributeValue>REMOVED</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
                <AttributeValue>REMOVED</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
                <AttributeValue>REMOVED</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
                <AttributeValue>REMOVED</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
                <AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AttributeValue>
                <AttributeValue>REMOVED</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
                <AttributeValue>REMOVED</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
                <AttributeValue>REMOVED</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
                <AttributeValue>REMOVED</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
                <AttributeValue>REMOVED</AttributeValue>
            </Attribute>
        </AttributeStatement>

From above sample I want to use value from the 'NameID' tagto create new user entity in Thingworx.

Velkumar · ‎Jul 22, 2020

Hi all,

We used PingFederate OGNL expression to solve this issue - https://docs.pingidentity.com/bundle/pingfederate-93/page/ndy1564003003840.html

/VR

View solution in original post

Velkumar · ‎Jul 22, 2020

Hi all,

We used PingFederate OGNL expression to solve this issue - https://docs.pingidentity.com/bundle/pingfederate-93/page/ndy1564003003840.html

/VR