I’m feeling very dumb. I’ve been able to get the redirect-authenticate-redirect cycle working, but the “security assertion” (is that the right term?) that comes with the redirect back to my SP does not seem to have any user information in it. No username, email, eye color, favorite pizza topping…nothing.
there must be a place within the Okta UI where I can configure what information is to be returned, but I can’t find it.
@Lijia - thanks for that. I should have mentioned that I’m using SAML2 (and learning it as I go).
If I turn on the “Classic UI” and go into my application, then go to the “SignOn” tab, I think I can find the metadata definitions that are supposed to define what “other” information is returned in the security assertion. (Am I correct so far?)
If I click on “View Setup Instructions”, there is some generated XML (which I think I can store in my service). There’s also a URL for “Identity Provider metadata” that also leads to some XML.
but I can’t figure out how to get that XML to change. There’s a link in there that says “Configure Profile Mapping”, but the pages under there don’t make any sense to me.
@ccurvey If you are using SAML2, please ignore the above doc as it is for OIDC.
You may open a support ticket through an email to support@okta.com. Our Tier 2 support engineer will help you take a look.