How would I direct map the First Name attribute to the ‘givenname’ SAML response below? If multiple roles are assigned by the IdP, how are they mapped to Ignition?
There is a section in the user manual page that you referenced titled Expression Mapping with sub-section titled Attribute Path which mentions:
If the attribute source is an XML document (as is the case with SAML IdPs), then an XPath 1.0 expression may be used to reference the target attribute. See the Multi-Valued Object Example further down.
If you then scroll down to the Multi-Valued Object Example, you can see a sample SAML XML Response and a corresponding XPath expression referencing a multi-valued attribute such as roles.
The same principle applies for Direct User Attribute Mapping - except you just put the XPath expression itself directly as the value in the Direct User Attribute Mapping setting.
See if you can come up with the appropriate XPath expression for your use case given the above information, and if you are still having trouble, DM me your SAML XML Response and which attributes you are trying to map to and I'll see if I can give you some better guidance.
We use Azure for our SAML SSO IDP. We removed the original claims in the Enterprise App and recreated with simple names and no url.
I found this path syntax that works.
/samlp:Response/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name="GivenName"]/saml2:AttributeValue
SAML Response
<Attribute Name="GivenName">
<AttributeValue>Eric</AttributeValue>
</Attribute>
Eric Kurtz
