Siva Balan <mailsiva@...>
Hi Dax, Can I request to log your issue at https://forum.predix.io ? There are a lot more Predix focussed developers on that forum than this mailing list and you are more likely to get a faster answer there. Thanks Siva
On Wed, May 18, 2016 at 8:25 AM, Sree Tummidi <stummidi(a)pivotal.io> wrote: Hi Dax, This is happening because your SAML has not been set up properly. The email, first name and last name need to be mapped to attributes from the incoming SAML assertion. Please reach out to the Predix team so that they can set the correct attribute mappings.
Thanks, Sree
Sent from my iPhone
On May 17, 2016, at 7:22 PM, Dax Joshi <dax.joshi(a)tcs.com> wrote:
Hi,
Any update on this ?
Please let me know. I need to solve this issue as soon as possible.
Thanks & Regards,
Dax Joshi Systems Engineer Tata Consultancy Services GARIMA PARK,IT/ITES SEZ, PLOT # 41, Gandhinagar - 382007,Gujarat India Cell:- 9586581656 Mailto: dax.joshi(a)tcs.com Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Consulting ____________________________________________
From: Dax Joshi/AHD/TCS
To: Sree Tummidi <stummidi(a)pivotal.io>
Cc: Jonathan Lo <jlo(a)us.ibm.com>, cf-dev(a)lists.cloudfoundry.org
Date: 05/14/2016 10:55 AM
Subject: Re: Regarding UAA service
Hi Sree and Jonathan,
Thank you very much for your consideration and reply.
I am working on Predix. I have bound my UAA service with SAML.
I use the GE's common login page to login so that using SSO anyone from the same business can use my application.
https://<uaa-url>.predix-uaa.run.asv-pr.ice.predix.io/oauth/authorize?client_id=<client-id>&response_type=code
Which redirects me to GE's common login page. After successful login SAML is sending user information to
https://<uaa-url>.predix-uaa.run.asv-pr.ice.predix.io/saml/SSO/alias/<uaa-url>.cloudfoundry-saml-login
During this redirection I have seen in the browser network that, in encoded format as form data, SAML is passing the user's correct and full information to UAA, including first name, last name, email, groups, roles etc.
After that the UAA service redirects the browser to my landing page, which I have set as *redirect_uri*, with one cookie named *TS0164a009* and one *code* in the request param.
In our application we use that code with the */oauth/token* service and get the *auth_token*. After this we use the *auth_token* with the */check_token* or */userinfo* service of UAA to get the user information.
In which we get the following JSON:
{
  "user_id": "d9cf7779-744a-407d-a846-36e0570d70d9",
  "user_name": "sso",
  "email": "sso(a)unknown.org",
  "client_id": "client_id",
  "exp": 1462921362,
  "scope": [ "scim.me", "openid" ],
  "jti": "684643f2-a15a-4fca-b9ca-2f9ba2c22f82",
  "aud": [ "scim", "openid", "ppduaa" ],
  "sub": "d9cf7779-744a-407d-a846-36e0570d70d9",
  "iss": "https://<uaa-url>.predix-uaa.run.asv-pr.ice.predix.io/oauth/token",
  "iat": 1462878162,
  "cid": "client-id",
  "grant_type": "authorization_code",
  "azp": "client_id",
  "auth_time": 1462878076,
  "zid": "489afafd-c6b4-4d81-ae52-e51116af4597",
  "rev_sig": "d8ddc2e6",
  "origin": "gefssstg"
}
Here I have replaced *uaa-url*, *sso* and *client_id* with its actual values.
You can notice that I am not even receiving the correct mail id. It gives @unknown.org
In this json nothing except sso seems to be useful to me.
Please guide me how to get the exact user details from UAA that SAML is passing to it.
Let me know if anything else you need.
Regards,
Dax Joshi
From: Sree Tummidi <stummidi(a)pivotal.io>
To: Jonathan Lo <jlo(a)us.ibm.com>
Cc: Dax Joshi <dax.joshi(a)tcs.com>
Date: 05/14/2016 04:01 AM
Subject: Re: Regarding UAA service
Hi Dax,
Nice to meet you virtually. In the future you can use cf-dev@lists.cloudfoundry.org for any UAA & CloudFoundry related questions. Can you elaborate on what you are trying to achieve with UAA & SAML integration and the use-case you have in mind?
Thanks, Sree Tummidi Sr. Product Manager Identity - Pivotal Cloud Foundry
On Fri, May 13, 2016 at 10:50 AM, Jonathan Lo <jlo(a)us.ibm.com> wrote:
Hi Dax,
Could you provide a bit more detail so that I can better direct your query? As far as I know, you would be able to decode your access token in order to obtain a user id, with which you could then get more user information.
I've CCed Sree, our UAA PM, on the email.
Regards,
Jonathan
Sent from my iPhone
On May 13, 2016, 4:30:16 AM, dax.joshi(a)tcs.com wrote:
From: dax.joshi(a)tcs.com
To: jlo(a)us.ibm.com
Cc:
Date: May 13, 2016 4:30:16 AM
Subject: Regarding UAA service
Hi Jonathan,
This is Dax Joshi From TCS.
I found your email from https://github.com/GESoftware-CF/uaa.
I have a query regarding getting logged-in user details in case of UAA service and SAML integration.
Please let me know if we can talk over phone at your convenient time.
Please include other persons in this loop if they can help me.
Thanks,
Dax Joshi
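Added example (not part of the thread and not UAA's own code): a diagnostic for the situation Sree describes, where the SAML form data carries the user's details but the token shows a placeholder identity because no attribute mapping matches. It decodes a captured base64 `SAMLResponse`, lists the attribute names the IdP actually sends, and checks a proposed mapping against them. The keys `email`, `given_name` and `family_name` are UAA's attribute-mapping keys; the sample response and the attribute names `mail`, `givenName` and `sn` are constructed, and the assertion is assumed to be unencrypted.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a minimal, unsigned SAML response such as the browser
# would POST to /saml/SSO/alias/... (attribute names and values are made up).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>sso</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="sn"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def assertion_attributes(saml_response_b64):
    """Return {attribute name: [values]} from a base64 SAMLResponse form field.

    Diagnostic only: no signature validation is done, so never use the
    result for an authentication or authorization decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def resolve_mappings(attrs, mappings):
    """Apply {uaa_field: saml_attribute_name}; return (resolved, unmapped fields)."""
    resolved, unmapped = {}, []
    for field, saml_name in mappings.items():
        if attrs.get(saml_name):
            resolved[field] = attrs[saml_name][0]
        else:
            unmapped.append(field)
    return resolved, unmapped


if __name__ == "__main__":
    attrs = assertion_attributes(SAMPLE_B64)
    print("attributes in assertion:", sorted(attrs))
    # A mapping naming attributes the IdP does not send resolves nothing.
    print(resolve_mappings(attrs, {"email": "emailAddress", "given_name": "firstName", "family_name": "lastName"}))
    print(resolve_mappings(attrs, {"email": "mail", "given_name": "givenName", "family_name": "sn"}))
```

Any field reported as unmapped is one the identity provider's attribute mapping needs to have corrected before the token or user record can carry the real value.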