Question

SAML Custom User provisioning Issue

0

EDIT: I believe the issue is not having a continue event on the false flow... Hi all, I have SAML SSO set up on my app and i'm trying to make it so if a user is a member of the Azure Active Directory (AAD) group then they will be given the user role that allows them access. If they are not a member then it will give them a group that has just a page that tells them they don't have access. So here's my microflow. It iterates over the assertion attribute that it has got from the Azure claim when the user logged in. It checks for the unique identifier for the required group. If found it should the proceed to give the user to access, if not it gives the user no access. My problem is, although unique identifier is in the claim, as in the below image. it always goes down the false route Does anyone have any thoughts? Many thanks, Garion

asked 2018-09-28

Garion Swann

3 answers

Dennis Kho · Answer 1 · 2018-10-02

Isn't your true flow missing a break event, so that you exit the loop as soon as the correct claim is found?

As shown in your variables list, the one you're looking for is in the 2nd of 65 assertions. So after finding the correct one in iterator 2 and setting the correct userroles, your loop continues checking the rest. Since all the others are not what you're looking for, the other userroles are being set.

Since you're simply looking for a specific assertion, wouln't it be better to remove the loop and simply use the List operation Find? Then you can simply check wether the object was found from the list or not and decide which userroles to assign.

Allard Brand · Answer 2 · 2018-09-28

Have you tried to trim the value? See https://docs.mendix.com/refguide/string-function-calls#trim

Rachana B P Do-Not-Use · Answer 3 · 2019-05-15

hi Swann,

Can i know how do you call this Microflow? I have a requirement to Redirect the user who doesnt have access to application to an error page. Usually the error page is "SAML-error-result.vm " I wish to call a Microflow and show a page designed in Mendix, like in your case but i am not sure of how a MF needs to be called. It would be of great help if you can let me know. Thanks in advancehi Swaan, Can i know how do you call this Microflow? I have a requirement to Redirect the user who doesnt have access to application to an error page. Usually the error page is "SAML-error-result.vm " I wish to call a Microflow and show a page designed in Mendix, like in your case but i am not sure of how a MF needs to be called. It would be of great help if you can let me know. Thanks in advance