SAML v2 populate not working

tkates

I have FA configured as a SAML v2 IdP. I'm trying to update the user and/or registration objects via the populate lambda. Just doing something like this doesn't seem to have any affect...

function populate(samlResponse, user, registration) {
  user.mobilePhone = '444-123-4567';
  user.data.mobilePhone = '555-123-4567';
  registration.mobilePhone = '666-123-4567';
  registration.mobilePhone = '777-123-4567';
}

Is there a 'save' step that I'm missing or some other mechanism to get those changes to 'stick'?

tkates

that last line was supposed to be...

registration.data.mobilePhone = '777-123-4567';

mike.rudat

Hi @tkates,

The SAML v2 Populate Lambda is used to add additional values to the SAML response.

If you want to update the user and/or registration, then use the SAML v2 Reconcile Lambda.

Let me know if this helps.

Thank You,

Mike

tkates

@mike-rudat Thanks for the reply, Mike. I've read up on the SAML V2 Reconcile Lambda. It seems that you can only apply that to an IdP in Home -> Settings -> Identity Providers. I'm not using and IdP setup from Home -> Settings -> Identity Providers (should I be?).

So when I go to my application Home -> Applications, I see that I can set a Populate Lambda, but not a Reconcile Lambda.

So how do I assign a Reconcile Lambda to my application? Or, is that not the right way to do it?

mike.rudat

@tkates
I was thinking you had created a SAML v2 identity provider in FusionAuth which has a reconcile lambda.

Now, I understand that FusionAuth is configured as a SAML v2 IdP where FusionAuth is the system of record for the users. Thus, the application is setup as a SAML application using the SAML tab for the application which has the Populate Lambda.

Since that Lambda is for populating the SAML response, an option would be to use the Lambda HTTP Connect to update the user inside the populate lambda.