Mapping Settings

Hello there!

Need Help? We are right here!

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Your Contact E-mail

What are you looking for

How can we help you?

Mapping Settings

This tab allows you to send user attributes to the Service Provider in the SAML response. Using this tab, you can define which Drupal user information (such as username, email, and other profile fields) should be shared with the SP as part of the SAML response.

NameID Attribute

NameID is the unique identifier for a user in the SAML response. By default, the module sends the user’s email address as the NameID value. If required, you can configure the NameID to use the Drupal Username instead.
For that, navigate to the Mapping tab of the module.
Select either Drupal Email Address or Drupal Username from the NameID Attribute dropdown.

Basic Attribute Mapping

This mapping allows you to send basic user attributes such as email, username, and user roles in the SAML response.

Procedure

To configure this, go to the Mapping → Basic Attribute Mapping section.
Now, enter the name of the attribute in the Attribute Name text field and select a value from the Select Attribute Value dropdown.

Example

Here, we want to send the user name and role in the SAML response to the Service provider.
In the Basic Attribute Mapping configuration setup, we setup the following mapping:
- For Name
  - Attribute Name: name
  - Attribute Value: Username
- For role:
  - Attribute Name: role
  - Attribute Value: User Roles
With this, when the user performs SSO, the IdP will send these attributes in the SAML response.
- name: admin
- role: Administrator

Additional User Attributes

Use this mapping to send any additional user attributes in the SAML response, beyond the basic attributes. This mapping includes all available Drupal user profile fields and custom user fields, allowing you to share extra user information with the Service Provider.

Procedure

To configure this, go to the Mapping → Additional User Attributes.
Now, enter the name of the attribute in the Attribute Name text field and select a value from the Drupal Field Machine Name dropdown.
Example
Here, we want to send the additional attribute that is the First Name in the SAML response to the Service provider.
In the Additional User Attribute configuration setup, we setup the following mapping:
- Attribute Name: First Name
- Drupal Field Machine Name: field_fname
With this, when the user performs SSO, the IdP will send first name attribute in the SAML response.
- First Name: admin

Constant Attributes

This feature allows you to send constant attributes in the SAML response. These attributes will have the same fixed value for all users, regardless of who performs SSO. Constant attributes are useful when the Service Provider (SP) requires a specific attribute value that does not change according to the users.

Procedure

To configure this, go to the Mapping → Constant Attributes.
Now, enter the name of the attribute in the Attribute Name text field and enter a value for that attribute in the Attribute Value text field.
Example
Let’s consider an example where your Service Provider requires the Organization Name to be sent in the SAML response for every user.
In the Constant Attributes section, configure the mapping as:
- Attribute Name: Organization Name
- Attribute Value: miniOrange
With this setup, the module sent the organization name attribute for all users in the SAML response, like:
- Organization Name: miniOrnage

Profile Module Attributes

This feature allows you to send Drupal Profile module fields as SAML attributes in the SAML response during SSO.
By mapping user information stored in custom profile fields to SAML attributes, you can ensure that the Service Provider receives complete and accurate user details during login. This is especially useful when important user information is stored in profile fields rather than in the default Drupal user account fields.

Prerequisites

Ensure that the Profile module is installed on your Drupal site and that you have created at least one profile type.

Procedure

Navigate to the Mapping → Profile Module Attributes.
Now, select the profile type from the Profile Type dropdown, then select a field from the Field Name dropdown and enter the name of the attribute in the Attribute Name field.

Example

Here, we have created a profile type Drupal Developer using the profile module. This profile contains details like Experience, and we will send this field as an attribute in the SAML response to the Service Provider.
In the Profile Module Attributes section, configure the mapping as:
- Profile Type: Drupal Developer
- Field Name: Experience
- Attribute Name: experience
With this configuration, module sent experience field as attribute in SAML response.
- Drupal_developer.experience: 8