Re: Regarding UAA service


Sree Tummidi
 

Hi Dax,
This is happening because your SAML has not been set up properly.
The email, first name and last name need to be mapped to attributes from the incoming SAML assertion.
Please reach out to the Predix team so that they can set the correct attribute mappings.

Thanks,
Sree

Sent from my iPhone
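
An added example, not part of the original thread or UAA's own code: a troubleshooting helper that decodes the SAMLResponse form field seen in the browser, lists the attribute names the identity provider actually sends, and reports which user fields a proposed mapping leaves uncovered. The sample assertion, its attribute names (mail, firstName, lastName) and the mapping keys are constructed assumptions; the helper does not verify the assertion signature, so it is for diagnosis only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample standing in for the form data posted to /saml/SSO/...
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:AttributeStatement>
  <saml:Attribute Name="mail">
   <saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName">
   <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastName">
   <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()


def assertion_attributes(saml_response_b64):
    """Return {attribute name: [values]} from a base64 SAMLResponse field.

    Only run this on a response you captured yourself: ElementTree does not
    protect against entity-expansion attacks and no signature is checked.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def unmapped_fields(mapping, attrs,
                    required=("email", "given_name", "family_name")):
    """Fields with no mapping, or mapped to a name the assertion lacks."""
    return [f for f in required if mapping.get(f) not in attrs]


def looks_unmapped(claims):
    """True when token claims carry the placeholder domain from the thread."""
    return claims.get("email", "").endswith("@unknown.org")


if __name__ == "__main__":
    attrs = assertion_attributes(SAMPLE_B64)
    print("IdP sends:", sorted(attrs))
    print("Uncovered with empty mapping:", unmapped_fields({}, attrs))
```

The list of attribute names it prints is what the platform team needs in order to set the mappings.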

On May 17, 2016, at 7:22 PM, Dax Joshi <dax.joshi(a)tcs.com> wrote:

Hi,

Any update on this?

Please let me know. I need to solve this issue as soon as possible.


Thanks & Regards,

Dax Joshi
Systems Engineer
Tata Consultancy Services
GARIMA PARK,IT/ITES SEZ,
PLOT # 41,
Gandhinagar - 382007,Gujarat
India
Cell:- 9586581656
Mailto: dax.joshi(a)tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Consulting
____________________________________________




From: Dax Joshi/AHD/TCS
To: Sree Tummidi <stummidi(a)pivotal.io>
Cc: Jonathan Lo <jlo(a)us.ibm.com>, cf-dev(a)lists.cloudfoundry.org
Date: 05/14/2016 10:55 AM
Subject: Re: Regarding UAA service


Hi Sree and Jonathan,

Thank you very much for your consideration and reply.

I am working on Predix. I have bound my UAA service with SAML.

I use GE's common login page to log in so that, using SSO, anyone from the same business can use my application.
https://<uaa-url>.predix-uaa.run.asv-pr.ice.predix.io/oauth/authorize?client_id=<client-id>&response_type=code


Which redirects me to GE's common login page. After successful login, SAML is sending user information to
https://<uaa-url>.predix-uaa.run.asv-pr.ice.predix.io/saml/SSO/alias/<uaa-url>.cloudfoundry-saml-login

During this redirection I have seen in the browser network, in encoded format as form data, that SAML is passing the user's correct and full information to UAA, including first name, last name, email, groups, roles etc.

After that UAA service redirects the browser to my landing page which I have set as redirect_uri with one cookie named TS0164a009 and one code in request param.

In our application we use that code with /oauth/token service and get the auth_token. After this we use the auth_token with /check_token or /userinfo service of uaa to get the user information.

In which we get the following JSON:



{
  "user_id": "d9cf7779-744a-407d-a846-36e0570d70d9",
  "user_name": "sso",
  "email": "sso(a)unknown.org",
  "client_id": "client_id",
  "exp": 1462921362,
  "scope": [
    "scim.me",
    "openid"
  ],
  "jti": "684643f2-a15a-4fca-b9ca-2f9ba2c22f82",
  "aud": [
    "scim",
    "openid",
    "ppduaa"
  ],
  "sub": "d9cf7779-744a-407d-a846-36e0570d70d9",
  "iss": "https://<uaa-url>.predix-uaa.run.asv-pr.ice.predix.io/oauth/token",
  "iat": 1462878162,
  "cid": "client-id",
  "grant_type": "authorization_code",
  "azp": "client_id",
  "auth_time": 1462878076,
  "zid": "489afafd-c6b4-4d81-ae52-e51116af4597",
  "rev_sig": "d8ddc2e6",
  "origin": "gefssstg"
}



Here I have replaced uaa-url, sso and client_id with its actual values.

You can notice that I am not even receiving the correct mail id. It gives @unknown.org

In this JSON nothing except sso seems to be useful to me.

Please guide me how to get the exact user details from UAA that SAML is passing to it.

Let me know if anything else you need.


Regards,

Dax Joshi





From: Sree Tummidi <stummidi(a)pivotal.io>
To: Jonathan Lo <jlo(a)us.ibm.com>
Cc: Dax Joshi <dax.joshi(a)tcs.com>
Date: 05/14/2016 04:01 AM
Subject: Re: Regarding UAA service



Hi Dax,

Nice to meet you virtually. In the future you can use the cf-dev(a)lists.cloudfoundry.org for any UAA & CloudFoundry related questions.
Can you elaborate on what you are trying to achieve with UAA & SAML Integration and the use-case you have in mind?


Thanks,
Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry


On Fri, May 13, 2016 at 10:50 AM, Jonathan Lo <jlo(a)us.ibm.com> wrote:
Hi Dax,

Could you provide a bit more detail so that I can better direct your query? As far as I know, you would be able to decode your access token in order to obtain a user id, with which you could then get more user information.

I've CCed Sree, our UAA PM, on the email.

Regards,

Jonathan

Sent from my iPhone

On May 13, 2016, 4:30:16 AM, dax.joshi(a)tcs.com wrote:

From: dax.joshi(a)tcs.com
To: jlo(a)us.ibm.com
Cc:
Date: May 13, 2016 4:30:16 AM
Subject: Regarding UAA service

Hi Jonathan,

This is Dax Joshi from TCS.

I found your email from https://github.com/GESoftware-CF/uaa.

I have a query regarding getting logged-in user details in case of UAA service and SAML Integration.

Please let me know if we can talk over phone at your convenient time.

Please include other persons in this loop if they can help me.


Thanks,

Dax Joshi