How do I dynamically update an SP profile using an external IdP?

I have an external IdP integrated with an SP. A user who has an account on the IdP will have an account automatically created using SAML.
However, if the user changes any of their profile attributes on the IdP, they are not updated the next time they sign in to the SP if they already have an account. I can see the updated attributes being passed in the SAML response. How do I configure the SP to update the attributes automatically when a user signs in?

1 Like

The SP is on AM 7.2 for context.

Hi local.larry

As far as I know, there is no configuration option that would allow you to do this. Off the top of my head, I think there are two ways you could approach this:

  1. If you are using integrated mode (i.e. using the SAML2 authentication node) you could build the attribute update into the authentication tree. The values for those attributes should be set in shared state so you could access them from a subsequent node.
  2. If you are using standalone mode, you could implement the update in a custom SAML2ServiceProviderAdapter. This could be easier to implement on 7.3 as this is now a scriptable plugin.

I can’t say for certain that either one of these methods will actually work as I have never implemented this use case, but I’m fairly certain that they will work.

2 Likes
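
For the first approach above (a scripted step after the SAML2 authentication node), the part worth getting right is deciding which asserted attributes are allowed to overwrite the existing SP profile. The following is an added example, not code from this thread or from AM; the attribute names, the allowlist and the shape of both attribute maps are assumptions, and reading the maps from shared state and writing the result to the profile are left to the tree.

```javascript
// Added example: plan which IdP-asserted attributes may overwrite the SP profile.
// Attribute names and sample values are constructed for illustration.

// Only these attributes are synced from the assertion. Anything else the IdP
// sends (group membership, account status, ...) is never written locally.
var SYNC_ALLOWLIST = ["mail", "givenName", "sn", "telephoneNumber"];

// Normalise a single value or an array to sorted, trimmed, non-empty strings.
function normalise(value) {
  var list = Array.isArray(value) ? value : (value == null ? [] : [value]);
  return list
    .map(function (v) { return String(v).trim(); })
    .filter(function (v) { return v.length > 0; })
    .sort();
}

function sameValues(a, b) {
  return a.length === b.length && a.every(function (v, i) { return v === b[i]; });
}

// asserted: attribute map taken from the SAML assertion (assumed shape)
// current:  attribute map read from the existing SP profile (assumed shape)
// Returns { updates: { name: [values] }, ignored: [names] }.
function planProfileUpdates(asserted, current, allowlist) {
  var plan = { updates: {}, ignored: [] };
  Object.keys(asserted).sort().forEach(function (name) {
    if (allowlist.indexOf(name) === -1) {
      plan.ignored.push(name);          // not allowed to be IdP-controlled
      return;
    }
    var incoming = normalise(asserted[name]);
    if (incoming.length === 0) {
      return;                           // empty asserted value: keep the local value
    }
    if (!sameValues(incoming, normalise(current[name]))) {
      plan.updates[name] = incoming;    // changed at the IdP: write on this login
    }
  });
  return plan;
}

// Constructed sample: mail changed at the IdP, the rest is unchanged or unwanted.
var assertedSample = { mail: ["larry.new@example.com"], givenName: "Larry",
  sn: [" Local "], telephoneNumber: [""], isMemberOf: ["cn=admins,ou=groups"] };
var currentSample = { mail: ["larry@example.com"], givenName: ["Larry"],
  sn: ["Local"], telephoneNumber: ["555-0100"] };
var samplePlan = planProfileUpdates(assertedSample, currentSample, SYNC_ALLOWLIST);
console.log(JSON.stringify(samplePlan));
```

Logging the `ignored` list on each login shows when the IdP starts sending attributes the SP was never meant to accept.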