SAML communication occurs via request and response packets between an identity provider and a service provider. This article addresses how to provide user data within the response packets. The configuration will be done through portal-ext.properties.
Affected Products
Liferay Connector to SAML 2.0 for Liferay Portal 6.1 EE GA2/GA3 and 6.2 EE.
Resolution
1. Set up two Liferay portals where one is the IdP and the other is the SP.
The IdP is running at http://alpha.test.com:8080 with entityId liferaysamlidpdemo, and the SP is running at http://www.able.com:9080 with entityId liferaysamlspdemo.
2. Configure the IdP (in portal-ext.properties).
saml.enabled=true
saml.role=idp
saml.entity.id=liferaysamlidpdemo
saml.require.ssl=false
saml.sign.metadata=true
saml.idp.authn.request.signature.required=true
saml.keystore.path=${liferay.home}/data/keystore.jks
saml.keystore.password=liferay
saml.keystore.type=jks
saml.keystore.credential.password[liferaysamlidpdemo]=liferay
saml.metadata.paths=http://www.able.com:9080/c/portal/saml/metadata
saml.idp.metadata.attributes.enabled[liferaysamlspdemo]=true
saml.idp.metadata.attribute.names[liferaysamlspdemo]=emailAddress,screenName,firstName,lastName,expando:myCustomAttribute
3. Configure the SP (in portal-ext.properties). Notice that the value of the myCustomAttribute expando attribute is mapped to lastName for the user. Multiple mappings in saml.sp.user.attribute.mappings are separated by a literal \n.
saml.enabled=true
saml.role=sp
saml.entity.id=liferaysamlspdemo
saml.require.ssl=false
saml.sign.metadata=true
saml.keystore.path=${liferay.home}/data/keystore.jks
saml.keystore.password=liferay
saml.keystore.type=jks
saml.keystore.credential.password[liferaysamlspdemo]=liferay
saml.metadata.paths=http://alpha.test.com:8080/c/portal/saml/metadata
saml.sp.default.idp.entity.id=liferaysamlidpdemo
saml.sp.user.attribute.mappings=screenName=screenName\nemailAddress=emailAddress\nfirstName=firstName\nmyCustomAttribute=lastName
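As an added example (not part of the original article or of the Liferay connector), the following Python check parses both portal-ext.properties fragments and reports any SP mapping whose attribute the IdP does not release, a mismatched entity id, and the lab-only saml.require.ssl=false setting. The sample text is constructed from the values above, abridged to the keys the check reads; the assumption that an expando:foo attribute reaches the SP under the name foo is inferred from the SP mapping shown on this page.

```python
# Constructed IdP fragment, abridged to the keys the consistency check reads.
IDP_PROPS = """saml.entity.id=liferaysamlidpdemo
saml.require.ssl=false
saml.idp.metadata.attributes.enabled[liferaysamlspdemo]=true
saml.idp.metadata.attribute.names[liferaysamlspdemo]=emailAddress,screenName,firstName,lastName,expando:myCustomAttribute
"""
# Raw string: Liferay separates several mappings with a literal backslash-n.
SP_PROPS = r"""saml.entity.id=liferaysamlspdemo
saml.require.ssl=false
saml.sp.default.idp.entity.id=liferaysamlidpdemo
saml.sp.user.attribute.mappings=screenName=screenName\nemailAddress=emailAddress\nfirstName=firstName\nmyCustomAttribute=lastName
"""

def parse_props(text):
    """Minimal key=value parser; the first '=' splits key from value."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def sp_mappings(props):
    """{samlAttributeName: liferayUserField} from the \\n-separated mapping value."""
    raw = props.get("saml.sp.user.attribute.mappings", "")
    return dict(pair.split("=", 1) for pair in raw.split("\\n") if pair)

def idp_released(props, sp_entity_id):
    """Attribute names released to one SP (assumption: 'expando:foo' arrives as 'foo')."""
    names = props.get(f"saml.idp.metadata.attribute.names[{sp_entity_id}]", "")
    return {n.strip().split(":", 1)[-1] for n in names.split(",") if n.strip()}

def check(idp, sp):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    sp_id = sp["saml.entity.id"]
    if sp.get("saml.sp.default.idp.entity.id") != idp["saml.entity.id"]:
        findings.append("SP default IdP entity id does not match the IdP entity id")
    if idp.get(f"saml.idp.metadata.attributes.enabled[{sp_id}]") != "true":
        findings.append(f"IdP has attribute release disabled for {sp_id}")
    released = idp_released(idp, sp_id)
    for attr, field in sp_mappings(sp).items():
        if attr not in released:
            findings.append(f"SP maps {attr} -> {field} but the IdP does not release {attr}")
    for role, props in (("idp", idp), ("sp", sp)):
        if props.get("saml.require.ssl") != "true":
            findings.append(f"{role}: saml.require.ssl=false is a lab setting; set true in production")
    return findings
```

Run check(parse_props(IDP_PROPS), parse_props(SP_PROPS)) against the article's values and only the two saml.require.ssl findings remain; adding an SP mapping for an attribute the IdP never lists produces a mapping finding.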