Splunk AppDynamics
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SAML Attributes don't get updated in the Controller

CommunityUser
Splunk Employee
Splunk Employee
‎09-14-2018 04:08 AM

We added the SAML Authentication Provider to our AppDynamics Controller. When a user logs in for the first time the SAML Attributes get mapped to the AppDynamics Attributes Username, Display Name, and Email.

Changes to Display Name or Email in the IdP don't get updated in AppDynamics, even if the Attributes in the SAML Response are correct.

Is there a way to force an update to the user attributes? Or is it possible to delete a user and recreate it with the next login?

Labels (3)
0 Karma
Reply

Pratik_Maskey
Communicator
‎09-17-2018 05:10 AM

Hi,

Once you login user will be created in the system. If you change any of the attributes it will create a new user. You can delete an existing user with the REST API.

Please refer following document and below description -

https://docs.appdynamics.com/display/PRO45/RBAC+API#RBACAPI-DeleteUser

curl -X DELETE -u user1@customer1 http(s)://<controller-host>:<controller-port>/controller/api/rbac/v1/users/<user-id>


Replace user1 with your Admin user, customer1 with your account name, <controller-host> with the actual host and <controller-port> with the actual port.
Replace the <user-id> with the ID which you want to delete.

To get the User ID run the following query.

Select id, name, email, security_provider_type from user where name=<user-name> and account_id=2 and security_provider_type = 'SAML';

Replace <User-name> with the name of the user which you want to delete. The above query will return the Id of the user, use that ID and execute the rest API.

- Thanks

Reply

CommunityUser
Splunk Employee
Splunk Employee
‎09-18-2018 12:07 AM

Hello,

Thank you for your answer. The way to delete a SAML users really helped. 

But Appdynamics does not create a new user when an attribute is changed. It just ignores it.

The SAML Attribute in the ticket looks like this:

<saml:Attribute FriendlyName="lastname" Name="lastname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">"NAME1"</saml:AttributeValue>

if i change the name from "NAME1" to "NAME2" AppDynamics still shows the old name and no new user is created.

And even if it did this would lead to a lot of Problems - there could be multiple users with the same username and password.

Thanks

0 Karma
Reply

Yogesh_Chouk
Builder
‎09-19-2018 04:06 AM

Hi Kai,

The new user is created in the AppDynamics database once the user is logged in, did you try to login after the login? Let me know if we can have a call to discuss the issue.

Thanks,

Yogesh

0 Karma
Reply

CommunityUser
Splunk Employee
Splunk Employee
‎09-19-2018 05:13 AM

Hello Yogesh,

i opened a ticket in the Support Portal. It is easier to send Screenshots and SAML Responses there.

Thanks,

Kai

0 Karma
Reply

Yogesh_Chouk
Builder
‎09-19-2018 05:18 AM

Thank you

0 Karma
Reply

Ross_Flemer
New Member
‎12-27-2019 12:54 PM

Did AppDynamics ever fix the code?  We are running OnPrem on version 4.3.3.

We just implemented the use of SAML on our Dev Controller.  We have three controllers (Dev, QA, Prod).  My first time logging in, using SAML, the attributes were incorrect, so SAML passed through userid to the Name and User fields.  I've since correct it, and the key field (username) is correct, but the name field (full name) is still my userid.  Does AppD have any plans to fix this and update the fields with what SAML is passing through?

What if someone in my org gets married, changes her last-name, legally, then gets her name changed in our company?  Will she still be known as her maiden last name, in AppD?  The way it's coded in AppD her last name will never change.  And if it does, a new user will not be created.   

Based on what I read in this thread the issue still exists.

I'm aware I can use a curl command to delete the user.  It's not a preferred solution, but I'm sure it works.

Ross Flemer

Aetna/CVS

0 Karma
Reply

iamryan
Community Manager
Community Manager
‎01-02-2020 03:10 PM

Hello, 

I spoke with some people and was told this, we do sync the SAML attributes on subsequent logins. this was implemented with version 4.5 of the controller."

0 Karma
Reply
Get Updates on the Splunk Community!

Get Schooled with Splunk Education: Explore Our Latest Courses

At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...