RE: When registration is updated ?

Do you know if some of fusionauth users are using Enterprise Application approach with OpenID Connect ?

With Azure AD, creating an application registration is the way to integrate a custom application (built by customers) in Azure AD. The way to integrate a SaaS is better using an Enterprise Application then SAML.
In screen shot, you can see some existing integrations with apps using Enterprise Application integration.
Moreover, sharing a client secret could be problematic for some customers.

!

With Azure AD

I would like to deploy fusionAuth instance for each company/customer. Do I need to pay one license by instance ?

Reconcile function comes with default implementation, defaultIfNull is defined in it:

  var getAttribute = function(samlResponse, attribute) {
    var values = samlResponse.assertion.attributes[attribute];
    if (values && values.length > 0) {
      return values[0];
    }

    return null;
  };

  // Retrieve an attribute from the samlResponse
  // - Arguments [2 .. ] provide a preferred order of attribute names to lookup the value in the response.
  var defaultIfNull = function(samlResponse) {
    for (var i=1; i < arguments.length; i++) {
      var value = getAttribute(samlResponse, arguments[i]);
      if (value !== null) {
        return value;
      }
    }
  };

In this lambda, I added a fixed value in user.data.fixed and same in registration.data.fixed. But jwt populate lambda cannot see this value.

In fact, I can see log event for jwt populate lambda, but not log event for SAML v2 IdP Response Debug Log. It looks like that my user is registered one time only.

FusionAuth version: 1.24.0

In saml response debug, I can see one group:
<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
<AttributeValue>9bb8b8b2-e63a-48fe-9582-1001611d4888</AttributeValue>
</Attribute>

My saml reconcile lambda:

function reconcile(user, registration, samlResponse) {
// as default and add
user.data = user.data || {};
 user.data.groups = defaultIfNull(samlResponse, 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groups', 'groups') || [];  
  
 registration.data = registration.data || {};  
 registration.data.groups = defaultIfNull(samlResponse, 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groups', 'groups') || [];

My jwt populate lambda:

function populate(jwt, user, registration) {
  jwt.groups = registration.data.groups;
}

Finally my jwt.groups is empty, and registration.data is empty (user.data is empty too).

Thanks Dan

I need to get groups of user from my SAML Response, and set it in my JWT token. But my lambda SAML reconcile function is not called for each login process. Is it normal ?

Hi, fusionauth provides an application example using Angular. This example contains a frontend part and a middleware with nodejs.
Is it possible to use only Angular without a middleware? And only pass JWT token to backend?