One thing to note: in user attribute mappings and security level rules, you must access attributes in the SAML response document using an xPath expression, such as /saml2p:Response/saml2:Assertion/saml2:Subject/saml2:NameID/text(). This is because the SAML response is an XML document whereas in OpenID Connect, we use a JSON Path because the response is a JSON-encoded ID token.
1 Like