NameID mapper
Use a NameID mapper script to customize the value of the NameID attribute returned in the SAML assertion per SP.
Demonstrate a NameID adapter
Before you try the example, configure single sign-on using SAML v2.0 with PingOne Advanced Identity Cloud as the hosted IDP.
The following example modifies the NameID attribute in the assertion on the remote SP:
Learn about NameID mapper scripts from the following resources:
Create the script
- Under Native Consoles > Access Management, go to Realms > Realm Name > Scripts, and click +New Script.
- Enter a unique name for your script, select Saml2 NameID Mapper from the Script Type drop-down list, and click Create.

  The NameID mapper script type is a next-generation script only.
- In the JavaScript field, write a script to set a custom value for the NameID attribute. For example, the following script replaces instances of .com with .org in a user’s email address. Alternatively, uncomment the call to getIdentityNameID to set NameID to the user’s first and last name.

  ```javascript
  /*
   * Retrieve nameID value from Java plugin and modify
   */
  function getModifiedNameID() {
    var nameIDValue = nameIDScriptHelper.getNameIDValue();

    if (nameIDValue.includes(".com")) {
      return nameIDValue.replace(".com", ".org");
    }
    return nameIDValue;
  }

  /*
   * Use identity binding to gather attributes
   */
  function getIdentityNameID() {
    var givenName = identity.getAttributeValues("givenName")[0];
    var lastName = identity.getAttributeValues("sn")[0];

    return givenName + "_" + lastName;
  }

  getModifiedNameID();
  //getIdentityNameID();
  ```
- Save your changes and close the editor.
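The SP identifies the user by the NameID it receives, so the mapping logic is worth exercising outside the console before you save it. The following added example is not part of the product documentation or its sample scripts. It anchors the .com to .org substitution to the end of the email domain and falls back to the original value when an identity attribute is missing. The `makeBindings` stub and the helper names `rewriteDomainSuffix`, `nameFromIdentity` and `mapNameID` are assumptions made for this example; only `getNameIDValue` and `getAttributeValues` come from the script above.

```javascript
// Constructed stand-ins for the nameIDScriptHelper and identity bindings so the
// logic runs in Node.js. Assumption: only the two calls used on this page are stubbed.
function makeBindings(nameIDValue, attrs) {
  return {
    nameIDScriptHelper: { getNameIDValue: () => nameIDValue },
    identity: { getAttributeValues: (name) => attrs[name] || [] },
  };
}

// Rewrite only a trailing domain suffix: "local@host.com" -> "local@host.org".
// A ".com" inside the local part or in the middle of the host is left untouched.
function rewriteDomainSuffix(value, from, to) {
  const s = String(value);
  const at = s.lastIndexOf("@");
  const hostEnd = s.length - from.length;
  // Pass through anything that is not local@host<from> with a non-empty local part and host.
  if (at < 1 || at + 1 >= hostEnd || !s.toLowerCase().endsWith(from)) {
    return s;
  }
  return s.slice(0, hostEnd) + to;
}

// Build "givenName_sn"; return the fallback when either attribute is absent,
// so the assertion never carries a NameID such as "undefined_undefined".
function nameFromIdentity(identity, fallback) {
  const given = identity.getAttributeValues("givenName")[0];
  const sn = identity.getAttributeValues("sn")[0];
  return given && sn ? given + "_" + sn : fallback;
}

// Mirrors the choice between the two functions in the script on this page.
function mapNameID({ nameIDScriptHelper, identity }, useIdentityName) {
  const value = nameIDScriptHelper.getNameIDValue();
  return useIdentityName
    ? nameFromIdentity(identity, value)
    : rewriteDomainSuffix(value, ".com", ".org");
}

// Constructed sample user, not real data.
const sample = makeBindings("john.compton@mail.company.com", {
  givenName: ["John"],
  sn: ["Compton"],
});
console.log(mapNameID(sample, false));
console.log(mapNameID(sample, true));
```
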