Ignition 8.0.2, May 7th Identity Provider - User Mapping Attributes - Roles property does not get mapped to IdP Response value

I am using an external Open ID Connect 1.0 identity provider and attempting to map user roles into the Mapped User Attributes.

Using test login; my IdP response data from my provider looks like:

image1223×632 23.9 KB

The appropriate roles list is populated in the IdP response @ property “http://tt.com”

My mapped user attributes test login result looks like:

image962×411 8.81 KB

I have tried a few different combinations of both direct and expression-based user attribute mappings. The latest being:

image499×831 16.9 KB

I thought maybe the issue was with forward slashes // in the property path, so I also tried surrounding with double quotes with no success. The Roles property is always blank. All of the other properties I have been able to map with direct mappings, although those properties differ in that they expect strings instead of Lists I believe.

Has anyone else succeeded in something like this / had any experience? Thanks!

Hi @will -

It is most likely the characters in the property with key http://tt.com that is causing the problem. You can confirm by setting gateway.UserAttributeMapper logger to debug and trying login again. You should see an exception in the logs.

Try using a direct mapper of ["http://tt.com"] instead. That should give you what you want.

Direct Mapper fixed it. Thank you very much!