Re: SAML RealName Alias

thormanrd · ‎02-05-2020

I have my Search Head Cluster authentication working with SAML intergration with our IdP. But currently our IdP sends our first, last names in two different Attributes, shown below...

        <saml:Attribute Name="FirstName"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
                        >
            <saml:AttributeValue xmlns:q5="http://www.w3.org/2001/XMLSchema"
                                 p7:type="q5:string"
                                 xmlns:p7="http://www.w3.org/2001/XMLSchema-instance"
                                 >FIRSTNAME</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="LastName"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
                        >
            <saml:AttributeValue xmlns:q6="http://www.w3.org/2001/XMLSchema"
                                 p7:type="q6:string"
                                 xmlns:p7="http://www.w3.org/2001/XMLSchema-instance"
                                 >LASTNAME</saml:AttributeValue>
        </saml:Attribute>

Is there a way in the SAML Configuration for RealName Alias to concatenate these two attribute/values?

thormanrd · ‎02-06-2020

I tried "LastName, FirstName" in the RealName Alias of the SAML configuration but that did not work. it didn't throw an error, just came up with a blank full name field in the user's profile.

frechetta93 · ‎07-23-2020

Did you ever get this solved? I have the same issue.

SAML RealName Alias

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation