@dan Thank you for the help. Indeed it is not possible to assign a generated email in SAML reconcile lambdas. However, I found a solution for my problem.
Using SAML reconcile lambda, I create a new metadata field for the registration called "generated_email". Then, I assign it to the JWT response for the specific application using a JWT populate lambda. Example:
Edit: adding code for SAML reconcile lambda as well.
SAML reconcile:
```javascript
function reconcile(user, registration, samlResponse) {
  var userid = samlResponse.assertion.subject.nameID.id;
  //registration.email = userid + '@subdomain.mydomain.com'; This can't be done yet
  registration.data.generated_email = userid + '@subdomain.mydomain.com';
}
```
JWT populate:
```javascript
function populate(jwt, user, registration) {
  // Only set the claim when the reconcile lambda stored a generated address.
  if (registration.data && registration.data.generated_email) {
    var new_email = registration.data.generated_email;
    jwt.email = new_email;
  } else {
    console.debug('No generated email set');
  }
}
```
(after checking that it exists for the registration).
New problem: I need to make an API call inside the SAML reconcile. Is this possible?
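
As an added example (not part of the original post and not FusionAuth's own code): the same two lambdas with the NameID checked before it is used to build the `email` claim, since applications that receive the JWT will treat that claim as an identifier. The allow-list pattern, the `emailClaimFor` harness and the sample NameIDs are assumptions constructed for illustration.

```javascript
// Added example: the post's two lambdas with a NameID check in front of them.
var EMAIL_DOMAIN = '@subdomain.mydomain.com'; // domain taken from the post

// Assumption: NameIDs are short account names. Adjust the pattern to your IdP.
var LOCAL_PART = /^[A-Za-z0-9._-]{1,64}$/;

function reconcile(user, registration, samlResponse) {
  var userid = samlResponse.assertion.subject.nameID.id;
  registration.data = registration.data || {};
  if (typeof userid === 'string' && LOCAL_PART.test(userid)) {
    registration.data.generated_email = userid + EMAIL_DOMAIN;
  } else {
    // Drop any stale value so populate() cannot emit an address
    // that was built from an earlier, different NameID.
    delete registration.data.generated_email;
  }
}

function populate(jwt, user, registration) {
  if (registration.data && registration.data.generated_email) {
    jwt.email = registration.data.generated_email;
  }
}

// Constructed harness: simulate one login and return the resulting claim.
function emailClaimFor(nameId) {
  var registration = {};
  var jwt = {};
  var samlResponse = { assertion: { subject: { nameID: { id: nameId } } } };
  reconcile({}, registration, samlResponse);
  populate(jwt, {}, registration);
  return jwt.email;
}

// Constructed sample NameIDs: two well-formed, three that must be rejected.
['jdoe', 'J.Doe', 'jdoe@other.example', 'a b', ''].forEach(function (id) {
  console.log(JSON.stringify(id), '->', emailClaimFor(id));
});
```

A NameID that already contains `@`, whitespace or nothing at all produces no `email` claim here, so the relying application sees a missing claim instead of a malformed or misleading address.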