Controller (SaaS, On Premise)

cancel
Showing results for 
Search instead for 
Did you mean: 

SAML Attributes don't get updated in the Controller

SAML Attributes don't get updated in the Controller

We added the SAML Authentication Provider to our AppDynamics Controller. When a user logs in for the first time the SAML Attributes get mapped to the AppDynamics Attributes Username, Display Name, and Email.

 

Changes to Display Name or Email in the IdP don't get updated in AppDynamics, even if the Attributes in the SAML Response are correct.

 

Is there a way to force an update to the user attributes? Or is it possible to delete a user and recreate it with the next login?

SAML Attributes don't get updated in the Controller
5 REPLIES
Employee

Re: SAML Attributes don't get updated in the Controller

Hi,

 

Once you login user will be created in the system. If you change any of the attributes it will create a new user. You can delete an existing user with the REST API.

 

Please refer following document and below description -

https://docs.appdynamics.com/display/PRO45/RBAC+API#RBACAPI-DeleteUser

 

curl -X DELETE -u user1@customer1 http(s)://<controller-host>:<controller-port>/controller/api/rbac/v1/users/<user-id>


Replace user1 with your Admin user, customer1 with your account name, <controller-host> with the actual host and <controller-port> with the actual port.
Replace the <user-id> with the ID which you want to delete.

To get the User ID run the following query.

Select id, name, email, security_provider_type from user where name=<user-name> and account_id=2 and security_provider_type = 'SAML';

Replace <User-name> with the name of the user which you want to delete. The above query will return the Id of the user, use that ID and execute the rest API.

 

- Thanks



Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.

Re: SAML Attributes don't get updated in the Controller

Hello,

 

Thank you for your answer. The way to delete a SAML users really helped. 

But Appdynamics does not create a new user when an attribute is changed. It just ignores it.

The SAML Attribute in the ticket looks like this:

<saml:Attribute FriendlyName="lastname" Name="lastname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">"NAME1"</saml:AttributeValue>

if i change the name from "NAME1" to "NAME2" AppDynamics still shows the old name and no new user is created.

And even if it did this would lead to a lot of Problems - there could be multiple users with the same username and password.

 

Thanks

Employee

Re: SAML Attributes don't get updated in the Controller

Hi Kai,

 

The new user is created in the AppDynamics database once the user is logged in, did you try to login after the login? Let me know if we can have a call to discuss the issue.

 

Thanks,

Yogesh



Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.

Re: SAML Attributes don't get updated in the Controller

Hello Yogesh,

 

i opened a ticket in the Support Portal. It is easier to send Screenshots and SAML Responses there.

 

Thanks,

Kai

Employee

Re: SAML Attributes don't get updated in the Controller

Thank you



Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.