I’m feeling very dumb. I’ve been able to get the redirect-authenticate-redirect cycle working, but the “security assertion” (is that the right term?) that comes with the redirect back to my SP does not seem to have any user information in it. No username, email, eye color, favorite pizza topping…nothing.
there must be a place within the Okta UI where I can configure what information is to be returned, but I can’t find it.