Navigation

    FusionAuth
    • Login
    • Search
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs

    UNSOLVED SAML response from Google Workspace- Picture field ??

    Q&A
    2
    4
    212
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      leandro.menagonzalez last edited by

      Hi, we are using the SAML2 IdP, to federate the authentication to Google Workspace where it maintains the user's organizational information, however in the SAML Response attributes the profile image field is not present. How can we get the url of the image?

      joshua 1 Reply Last reply Reply Quote 0
      • joshua
        joshua @leandro.menagonzalez last edited by

        Hi @leandro-menagonzalez

        Thanks for the question. If I am understanding correctly, if you are expecting a certain attribute to be returned in an AuthN response, this would require additional configuration on the part of Google. Is there a configuration tool on that side to add an additional attribute to be sent in an AuthN response?

        Thanks,
        Josh

        L 1 Reply Last reply Reply Quote 0
        • L
          leandro.menagonzalez @joshua last edited by

          hi @joshua , we need a special attribute from Response SAML of Google Workspace, the URLImage profile.

          Since, on the contrary, the Google IdP that uses fusionAuth incorporates basic user information into its Scope (with the profile urlImage), however it does not contain organizational information.

          joshua 1 Reply Last reply Reply Quote 0
          • joshua
            joshua @leandro.menagonzalez last edited by

            @leandro-menagonzalez Sorry - I was traveling for a bit and then under the weather.

            Were you able to resolve this?

            If not, my understanding is that this would be a mapping problem. Essentially, Google would have to be instructed to send over a profile pic url, and FusionAuth would consume that in the AuthN response. Further, a reconcile lambda can be used to grab this URL attribute and store on the user, etc. Let me know if I am misunderstanding the issue.

            Josh

            1 Reply Last reply Reply Quote 0
            • First post
              Last post