Forum Discussion

Steve_Dionne
Nov 12, 2021

SAML Attributes require String type

I am doing a SAML Integration with Tableau Server.

Actually Tableau is unable to read my username attribute, because it is missing

xsi:type="xs:string"

https://help.tableau.com/current/server-linux/en-us/saml_requ.htm#xml_requirements

Their documentation says: "You must configure the IdP to return an assertion that includes the username attribute in the saml:AttributeStatement element. The assertion’s attribute type must be xs:string (it should not be typed as xs:any)."

They required this:

  <saml:AttributeStatement>
    <saml:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
          user-name
      </saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>

and for now F5 SAML return this:

 <saml2:AttributeStatement>
      <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
               Name="username"
               NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
               >
        <saml2:AttributeValue xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">user-name</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>

Another example is using Okta as an IdP; it returns this and it works:

<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml2:Attribute Name="username"
               NameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
               >
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:type="xs:string"
                   >user-name</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>

How can I do this with F5? We are using BIG-IP release 14.

I need to find a way to add

xsi:type="xs:string"

to the username attribute.

I do not see any way to do this from the SAML Attributes in Edit IDP Service

Thanks,

1 Reply

  • You can rewrite the assertion using an iRule. The rule below might work for you.

    when ACCESS_SAML_ASSERTION {
        set assertion [ACCESS::saml assertion]
        # Replace the untyped AttributeValue opening tag with one carrying xsi:type="xs:string".
        # The xs and xsi prefixes are declared on the same element so the result stays
        # well-formed XML even if the rest of the assertion does not declare them.
        set new_assertion [string map [list \
            "<saml2:AttributeValue xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">" \
            "<saml2:AttributeValue xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">"] \
            $assertion]
        ACCESS::saml assertion $new_assertion
    }
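Before deploying a rewrite like the one above, it helps to check offline what the IdP actually emits and what the rewritten assertion looks like. The following is an added example in Python (not part of this thread, and not F5, Tableau or Okta code): it parses an assertion fragment, classifies whether the username attribute is typed xs:string with the xs prefix properly bound, flags the not-well-formed output a text substitution produces when it forgets the namespace declarations, and adds the typing in an XML-aware way. The sample fragments are constructed from the snippets quoted in the question, and the function names are my own. Whatever tool does the rewrite, it must run before the assertion is signed: any change to signed content afterwards invalidates the signature.

```python
"""Check and repair xsi:type="xs:string" on a SAML 2.0 AttributeValue.

Added example for this thread, standard library only. The assertion samples
below are constructed from the fragments quoted in the question.
"""
import io
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
XS = "http://www.w3.org/2001/XMLSchema"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XSI_TYPE = "{%s}type" % XSI  # Clark notation for the xsi:type attribute

# Keep the conventional prefixes when serialising instead of ns0, ns1, ...
ET.register_namespace("saml2", SAML2)
ET.register_namespace("xs", XS)
ET.register_namespace("xsi", XSI)

# Constructed sample: the untyped shape the question reports F5 emitting.
UNTYPED_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml2:AttributeValue xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">user-name</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

# Constructed sample: what a text substitution produces when it inserts
# xsi:type but never declares the xsi prefix. This is not well-formed XML.
UNDECLARED_PREFIX_ASSERTION = UNTYPED_ASSERTION.replace(
    "<saml2:AttributeValue xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">",
    "<saml2:AttributeValue xsi:type=\"xs:string\">",
)


def _parse_with_bindings(assertion_xml):
    """Parse the assertion and collect every prefix -> namespace binding it declares."""
    bindings = {}
    root = None
    source = io.BytesIO(assertion_xml.encode("utf-8"))
    for event, payload in ET.iterparse(source, events=("start-ns", "start")):
        if event == "start-ns":
            prefix, uri = payload
            bindings.setdefault(prefix, set()).add(uri)
        elif root is None:
            root = payload  # the first "start" event is the document element
    return root, bindings


def attribute_values(root, name):
    """Return the AttributeValue elements of the saml2:Attribute whose Name is `name`."""
    for attr in root.iter("{%s}Attribute" % SAML2):
        if attr.get("Name") == name:
            return list(attr.findall("{%s}AttributeValue" % SAML2))
    return []


def string_type_status(assertion_xml, name="username"):
    """Classify how the named attribute is typed.

    "typed"     every value carries an xsi:type whose QName resolves to xs:string
    "untyped"   the attribute exists but a value lacks that type
    "missing"   no value for an attribute with that Name is present
    "malformed" the XML does not parse (for example an undeclared prefix)
    """
    try:
        root, bindings = _parse_with_bindings(assertion_xml)
    except ET.ParseError:
        return "malformed"
    values = attribute_values(root, name)
    if not values:
        return "missing"
    for value in values:
        prefix, _, local = value.get(XSI_TYPE, "").rpartition(":")
        # The type is a QName: its prefix must be bound to the XML Schema namespace.
        if local != "string" or XS not in bindings.get(prefix, set()):
            return "untyped"
    return "typed"


def add_string_type(assertion_xml, name="username"):
    """Return the assertion with xsi:type="xs:string" on every value of `name`.

    The xs prefix is declared on the AttributeValue itself (as in Tableau's
    example) and ElementTree declares xsi on the document element, so the
    output is well-formed regardless of what the rest of the assertion declares.
    """
    root = ET.fromstring(assertion_xml)
    for value in attribute_values(root, name):
        value.set("xmlns:xs", XS)
        value.set(XSI_TYPE, "xs:string")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for label, xml in (("F5 shape", UNTYPED_ASSERTION),
                       ("text rewrite without declarations", UNDECLARED_PREFIX_ASSERTION),
                       ("repaired", add_string_type(UNTYPED_ASSERTION))):
        print("%-35s %s" % (label, string_type_status(xml)))
```

Run it against a decoded SAMLResponse captured from a test login (the base64 in the POST body) to confirm the typing before and after enabling the iRule; the "malformed" result is the case to watch for, since a service provider will reject an assertion whose XML does not parse long before it looks at the attribute type.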