I have a simple SpringBoot web app authenticating against Okta using Saml, works fine.
However, I’d like Okta to return the group(s) that a user belongs to; this doesn’t seem to work for me.
In Spring it’s referred to as the Authorities but this isn’t being filled for me.
Do I have to configure anything extra to return the group(s) in a variable?
I saw an edit screen for "Group Attribute Statements (optional)", is this what I should be looking at?
Does this value get used in the profile mapping or is that something different?
With OIDC, you can add a “groups” claim that will be in your ID token. You’ll need a developer account from https://developer.okta.com to use OIDC.
Navigate to API > Authorization Servers, and click on the default server. Click the Claims tab and Add Claim. Name it groups, and include it in the ID Token. Set the value type to Groups and set the filter to be a Regex of .*. Click Create.
You would need to implement your ‘SAMLUserDetailsService’ that would return the corresponding ‘UserDetails’ instance with the right ‘Authorities’ granted to the user.
You would need to pass the list of groups using ‘Group Attribute Statements’ in Okta.
Then, you would have to retrieve the list of groups from the SAMLCredential (something like String[] str = credential.getAttributeAsStringArray("groups")) and you would have to map these values to the list of authorities defined in your application.
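As an added illustration of that answer (example code, not from the original post or from Okta), here is a SAMLUserDetailsService for the Spring Security SAML extension that reads the "groups" attribute and maps only explicitly known Okta group names to application roles, rather than turning every group string into an authority. The attribute name "groups" and the group-to-role mapping are assumptions; they must match what you configure in Okta's Group Attribute Statements.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

public class OktaGroupUserDetailsService implements SAMLUserDetailsService {

    // Assumed attribute name; must equal the Name set in Okta's Group Attribute Statement.
    private static final String GROUPS_ATTRIBUTE = "groups";

    // Assumed allowlist: only these Okta groups grant application roles.
    // Groups not listed here are ignored, so a renamed or unexpected group
    // never silently becomes an authority in this app.
    private static final Map<String, String> GROUP_TO_ROLE = Map.of(
            "okta-app-admins", "ROLE_ADMIN",
            "okta-app-users", "ROLE_USER");

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        String username = credential.getNameID().getValue();

        // Null when the IdP sent no such attribute (e.g. the statement is not configured).
        String[] groups = credential.getAttributeAsStringArray(GROUPS_ATTRIBUTE);

        List<GrantedAuthority> authorities = new ArrayList<>();
        if (groups != null) {
            for (String group : groups) {
                String role = GROUP_TO_ROLE.get(group);
                if (role != null) {
                    authorities.add(new SimpleGrantedAuthority(role));
                }
            }
        }

        // Fail closed: a user with no mapped group is not allowed in at all.
        if (authorities.isEmpty()) {
            throw new UsernameNotFoundException("No mapped groups for user " + username);
        }

        // Password is unused for SAML; the SAML assertion is the proof of authentication.
        return new User(username, "N/A", authorities);
    }
}
```

Register it on the SAMLAuthenticationProvider (samlAuthenticationProvider.setUserDetails(new OktaGroupUserDetailsService())) so that Authentication.getAuthorities() carries the mapped roles.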