How to get

Just a question I want to ask:
I set up a SAML application in Okta,
and it redirected to the specified URL (single sign on URL); this step is OK. But how can the application get the login’s mail address? From a cookie or from the request?

Hi @zhaoqs

When configuring the SAML application in Okta, you can set up the Attribute Statements, for example

This will send the user’s email in a claim inside the SAML assertion. Your application can take the SAML response received from Okta, decode it and retrieve the user’s email.

If your users have the same value for email and username, you can skip the part above and retrieve the user’s email from NameID, provided they have the same username set inside the application.
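The decode-and-read step described in the reply above, as an added example that is not part of the original post or Okta's own code. It assumes the HTTP-POST binding (a base64 `SAMLResponse` form field) and an attribute statement named `email`; the function names and the sample response are constructed for illustration. It only reads the values and does not check the XML signature, which a SAML library has to validate before the email is trusted.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def extract_email(saml_response_b64, attr_name="email"):
    """Return (value, source) read from a base64-encoded SAMLResponse.

    attr_name is an assumption: use the name configured in the app's
    Attribute Statements. Signature validation is NOT done here.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML message never needs a DTD; refuse one before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in SAML response")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    assertion = assertions[0]
    # Preferred source: the attribute statement carrying the email.
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            value = attr.find("saml:AttributeValue", NS)
            if value is not None and value.text:
                return value.text.strip(), "attribute"
    # Fallback: NameID, usable when username and email are the same value.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is not None and name_id.text:
        return name_id.text.strip(), "nameid"
    raise ValueError("no email attribute or NameID in assertion")

def build_sample(with_attribute=True):
    """Constructed, unsigned sample response for offline testing only."""
    attr = ('<saml:AttributeStatement><saml:Attribute Name="email">'
            '<saml:AttributeValue>alice@example.com</saml:AttributeValue>'
            '</saml:Attribute></saml:AttributeStatement>') if with_attribute else ""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion>'
           '<saml:Subject><saml:NameID>alice.login@example.com</saml:NameID>'
           '</saml:Subject>%s</saml:Assertion></samlp:Response>'
           % (NS["samlp"], NS["saml"], attr))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(extract_email(build_sample()))
```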

Thank you very much for your reply.

But I also want to ask: after getting SAML responses from Okta, in order to prevent SAML responses from being tampered with, is it necessary to verify them in the application? For example, whether the certificate is expired, the verification of the assertion, and so on.