From 7d81bf0a9e3a2c4e1020fcb8d4522bd6eeadcc54 Mon Sep 17 00:00:00 2001 From: Deepak Prabhakara Date: Fri, 21 Mar 2025 21:21:59 +0000 Subject: [PATCH 1/8] added docs for data mapping of SAML provider --- docs/kratos/organizations/organizations.mdx | 29 +++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx index 8011d8226..2ee0f6494 100644 --- a/docs/kratos/organizations/organizations.mdx +++ b/docs/kratos/organizations/organizations.mdx @@ -348,6 +348,35 @@ curl -X PATCH --location "https://api.console.ory.sh/projects/$PROJECT_ID" \ The SAML application callback URL to set at our SAML Identity Provider is: `https://api.console.ory.sh/saml/api/oauth/saml` +#### Data Mapping + +You can configure the mapping of SAML attributes to Ory's identity schema using Jsonnet. All custom SAML attributes defined at +the Identity Provider (IdP) will be available in the `raw_claims` object within claims. These attributes can then be mapped to +the Ory identity schema. + +:::note + +Important: Ensure that the appropriate identity schema is created before mapping attributes. The email attribute is natively +available in `claims.email`, everythign else is nested under `claims.raw_claims`. + +::: + +Example: Mapping `firstName` and `lastName` from the SAML Identity Provider to the Ory identity schema (traits) + +```jsonnet +local claims = std.extVar('claims'); + +{ + identity: { + traits: { + email: claims.email, + [if std.objectHas(claims, "raw_claims") && std.objectHas(claims.raw_claims, "firstName") then "firstName" else null]: claims.raw_claims.firstName, + [if std.objectHas(claims, "raw_claims") && std.objectHas(claims.raw_claims, "lastName") then "lastName" else null]: claims.raw_claims.lastName, + }, + }, +} +``` + ### SAML via BoxyHQ :::note From 3fb48d51e9994fb98d2c8197a4e99b62e07f2091 Mon Sep 17 00:00:00 2001 
From: Deepak Prabhakara Date: Fri, 21 Mar 2025 21:32:55 +0000 Subject: [PATCH 2/8] formatting --- docs/kratos/organizations/organizations.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx index 2ee0f6494..63ce87753 100644 --- a/docs/kratos/organizations/organizations.mdx +++ b/docs/kratos/organizations/organizations.mdx @@ -350,9 +350,9 @@ The SAML application callback URL to set at our SAML Identity Provider is: `http #### Data Mapping -You can configure the mapping of SAML attributes to Ory's identity schema using Jsonnet. All custom SAML attributes defined at -the Identity Provider (IdP) will be available in the `raw_claims` object within claims. These attributes can then be mapped to -the Ory identity schema. +You can configure the mapping of SAML attributes to Ory's identity schema using Jsonnet. All custom SAML attributes defined at the +Identity Provider (IdP) will be available in the `raw_claims` object within claims. These attributes can then be mapped to the Ory +identity schema. :::note From 45b16bfe8c95fc98f7ebb583eba96ab83422190b Mon Sep 17 00:00:00 2001 From: Deepak Prabhakara Date: Tue, 25 Mar 2025 09:03:07 +0000 Subject: [PATCH 3/8] fixed typo --- docs/kratos/organizations/organizations.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx index 63ce87753..9d1beda72 100644 --- a/docs/kratos/organizations/organizations.mdx +++ b/docs/kratos/organizations/organizations.mdx @@ -357,7 +357,7 @@ identity schema. :::note Important: Ensure that the appropriate identity schema is created before mapping attributes. The email attribute is natively -available in `claims.email`, everythign else is nested under `claims.raw_claims`. +available in `claims.email`, everything else is nested under `claims.raw_claims`. ::: 
From e60f92c69b9b2717496019b09218a8103a42f85c Mon Sep 17 00:00:00 2001 From: Deepak Prabhakara Date: Tue, 25 Mar 2025 11:57:01 +0000 Subject: [PATCH 4/8] tweak to text --- docs/kratos/organizations/organizations.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx index 9d1beda72..3a48e8962 100644 --- a/docs/kratos/organizations/organizations.mdx +++ b/docs/kratos/organizations/organizations.mdx @@ -351,8 +351,8 @@ The SAML application callback URL to set at our SAML Identity Provider is: `http #### Data Mapping You can configure the mapping of SAML attributes to Ory's identity schema using Jsonnet. All custom SAML attributes defined at the -Identity Provider (IdP) will be available in the `raw_claims` object within claims. These attributes can then be mapped to the Ory -identity schema. +Identity Provider (IdP) will be available in the `raw_claims` object within `claims`. These attributes can then be mapped to the +Ory identity schema. :::note From e2d6a97526e2022ff93d48dafd31265ecd6bb489 Mon Sep 17 00:00:00 2001 From: Vincent Date: Tue, 25 Mar 2025 12:26:50 -0300 Subject: [PATCH 5/8] chore: apply suggestions from code review --- docs/kratos/organizations/organizations.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx index 3a48e8962..63de43a53 100644 --- a/docs/kratos/organizations/organizations.mdx +++ b/docs/kratos/organizations/organizations.mdx 
@@ -348,7 +348,7 @@ curl -X PATCH --location "https://api.console.ory.sh/projects/$PROJECT_ID" \ The SAML application callback URL to set at our SAML Identity Provider is: `https://api.console.ory.sh/saml/api/oauth/saml` -#### Data Mapping +#### Data mapping You can configure the mapping of SAML attributes to Ory's identity schema using Jsonnet. All custom SAML attributes defined at the Identity Provider (IdP) will be available in the `raw_claims` object within `claims`. These attributes can then be mapped to the From 52e1309feaf51246cfc17c83885b665857adfde1 Mon Sep 17 00:00:00 2001 From: Deepak Prabhakara Date: Sat, 29 Mar 2025 01:38:54 +0000 Subject: [PATCH 6/8] code review suggestion Co-authored-by: Vincent --- docs/kratos/organizations/organizations.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx index 63de43a53..ed339e7f6 100644 --- a/docs/kratos/organizations/organizations.mdx +++ b/docs/kratos/organizations/organizations.mdx @@ -354,9 +354,9 @@ You can configure the mapping of SAML attributes to Ory's identity schema using Identity Provider (IdP) will be available in the `raw_claims` object within `claims`. These attributes can then be mapped to the Ory identity schema. -:::note +:::warning -Important: Ensure that the appropriate identity schema is created before mapping attributes. The email attribute is natively +Ensure that the appropriate identity schema is created before mapping attributes. The email attribute is natively available in `claims.email`, everything else is nested under `claims.raw_claims`. ::: From ac84c574d19e72c61053b821cddd15ea646e19dd Mon Sep 17 00:00:00 2001 From: Deepak Prabhakara Date: Sat, 29 Mar 2025 01:39:13 +0000 Subject: [PATCH 7/8] code review suggestion Co-authored-by: Vincent --- docs/kratos/organizations/organizations.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx index ed339e7f6..4aad5e90a 100644 --- a/docs/kratos/organizations/organizations.mdx +++ b/docs/kratos/organizations/organizations.mdx @@ -361,7 +361,9 @@ available in `claims.email`, everything else is nested under `claims.raw_claims` ::: -Example: Mapping `firstName` and `lastName` from the SAML Identity Provider to the Ory identity schema (traits) +#### Example SAML data mapping + +Mapping `firstName` and `lastName` from the SAML Identity Provider to the Ory identity schema (traits). ```jsonnet local claims = std.extVar('claims'); From f6b0ee332be92643347615c07528405f5debd930 Mon Sep 17 00:00:00 2001 From: Deepak Prabhakara Date: Sat, 29 Mar 2025 01:41:58 +0000 Subject: [PATCH 8/8] format --- docs/kratos/organizations/organizations.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/kratos/organizations/organizations.mdx b/docs/kratos/organizations/organizations.mdx index 4aad5e90a..5bb8615b2 100644 --- a/docs/kratos/organizations/organizations.mdx +++ b/docs/kratos/organizations/organizations.mdx @@ -356,8 +356,8 @@ Ory identity schema. :::warning -Ensure that the appropriate identity schema is created before mapping attributes. The email attribute is natively -available in `claims.email`, everything else is nested under `claims.raw_claims`. +Ensure that the appropriate identity schema is created before mapping attributes. The email attribute is natively available in +`claims.email`, everything else is nested under `claims.raw_claims`. :::
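Review bot: In the Jsonnet example added by PATCH 1/8, `email: claims.email` is emitted unconditionally while `firstName` and `lastName` are each guarded with `std.objectHas`, and the surrounding text does not say whether `claims.email` is always present for a SAML login. Either state that guarantee next to the example or guard the field the same way as the other two. The check `std.objectHas(claims, "raw_claims")` is repeated on both trait lines; binding it once in a `local` would shorten them. The block also mixes `'claims'` with double-quoted strings, so pick one quoting style.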
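Review bot: The admonition text as it stands after PATCH 6/8 and PATCH 8/8 tells the reader to ensure "the appropriate identity schema is created" without saying what makes a schema appropriate. Spell the requirement out, presumably that the traits the mapping writes (`firstName` and `lastName` in the example) are defined in the identity schema. The second sentence joins two clauses with a comma ("`claims.email`, everything else is nested under `claims.raw_claims`"); split it or use a semicolon. That sentence describes where claims live rather than warning about anything, so it may read better in the paragraph above the `:::warning` block.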
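Review bot: PATCH 7/8 adds `#### Example SAML data mapping` at the same heading level as `#### Data mapping` (renamed in PATCH 5/8), so the example becomes a sibling section instead of part of the section it illustrates. Consider keeping it as a lead-in sentence under `#### Data mapping`, or nesting it one level deeper. The new lead-in "Mapping `firstName` and `lastName` from the SAML Identity Provider to the Ory identity schema (traits)." is a sentence fragment; something like "The following snippet maps ..." would read as a full sentence.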