Method to Import User Attributes for User table

I’m tasked with migrating a legacy application’s authentication to a ComponentSpace SAML service provider authentication. The application is currently structured to check an endpoint web service for a valid user who has been assigned to the correct application ID to get what is essentially the SAML SSO attributes and store them in the application’s User table. It does this to authorize that the user is permitted to use the application.

I think I need to come up with an alternate way to authorize users. I believe the path of least resistance is to have the application admin enter a user_name and user_email and retrieve the other attributes from the Identity Provider to fill in the User table for each new user. And then add some logic to the AssertionConsumerService to check that the user exists in the User table.

Just wondering if there is an Identity Service method I can call to replicate what my current web service is providing. Or do I need to incorporate the user initiating the SSO to fill in the attributes into the User table? I’d appreciate any ideas. Thanks.

SAML doesn’t support a mechanism for retrieving user attributes as you described. You could see whether the identity provider supports a provisioning protocol such as SCIM although its use isn’t widespread.

The SAML response returned to the service provider when the user SSOs to the identity provider could include all the required SAML attributes. You could then fill in the User table with these attributes at the time of the SSO. This is sometimes referred to as auto-provisioning.

I assumed auto-provisioning was going to be my only recourse. Thanks for responding.

You’re welcome. I think this is the simplest and best approach.
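The approach discussed in this thread, as an added example that is not part of the original posts and is not ComponentSpace code: the admin pre-registers user_name and user_email, and the AssertionConsumerService denies anyone without a matching row, filling in the remaining columns from the SAML attributes at SSO time. It assumes the SAML library has already validated the response and handed over the attributes as a name/value dictionary; the `UserRow` type, the in-memory dictionary standing in for the User table, and the attribute names are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for one row of the application's User table.
class UserRow
{
    public string UserName = "";
    public string UserEmail = "";
    public bool Provisioned;
    public Dictionary<string, string> Profile = new Dictionary<string, string>();
}

static class SsoProvisioning
{
    // Assumed attribute names; use the names your identity provider actually sends.
    static readonly string[] Allowed = { "givenName", "surname", "department" };

    // Call only after the SAML response has been validated by the SAML library.
    // users: rows pre-registered by the admin, keyed by lower-cased email.
    public static UserRow Authorize(Dictionary<string, UserRow> users,
                                    IDictionary<string, string> samlAttributes)
    {
        if (!samlAttributes.TryGetValue("email", out var email) || string.IsNullOrWhiteSpace(email))
            return null; // no identifier to match on: deny
        if (!users.TryGetValue(email.Trim().ToLowerInvariant(), out var row))
            return null; // not pre-registered: deny, never create a row from the assertion alone
        foreach (var name in Allowed)
            if (samlAttributes.TryGetValue(name, out var value))
                row.Profile[name] = value; // copy only the expected attributes
        row.Provisioned = true;
        return row;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample data: one pre-registered user, two incoming attribute sets.
        var users = new Dictionary<string, UserRow> {
            ["alice@example.com"] = new UserRow { UserName = "alice", UserEmail = "alice@example.com" }
        };
        var known = new Dictionary<string, string> {
            ["email"] = "Alice@Example.com", ["givenName"] = "Alice", ["role"] = "admin" };
        var unknown = new Dictionary<string, string> { ["email"] = "mallory@example.com" };
        Console.WriteLine(SsoProvisioning.Authorize(users, known) != null);
        Console.WriteLine(SsoProvisioning.Authorize(users, unknown) != null);
    }
}
```

The unexpected `role` attribute in the first sample is ignored because it is not on the allow-list, so an identity provider cannot widen a user's privileges in the application simply by sending extra attributes.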