Configuration to Not to allow IDP to update UAA User #3281
Comments
cf-foundation-community-automation
bot
moved this to Inbox
in Foundational Infrastructure Working Group
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We are using UAA 76.5 version (with PostgreSQL) and have integrated with Azure B2C as the Identity provider.
The authentication works fine but the problem is on getting the callback from B2C to UAA --> user attributes family_name and given_name gets updated in UAA (that we do not want).
We have other process to update the user profiles in UAA , and we do not want any user data to get updated as part of authentication process via IDP integration. Email is the only common attribute Azure B2C and UAA user profile. Azure B2C - does not hold any family name or given name information and thus when call back happens - in UAA - user`s family_name and given_name gets set to NULL.
Please advise if there is any configuration we can use in yml to achieve this ? Below is our login.yml configuration
microsoftb2c:
type: oidc1.0
authUrl: https://testabccppd.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_122_signinup_en
tokenUrl: https://testabccppd.onmicrosoft.com/oauth2/v2.0/token?p=b2c_122_signinup_en
tokenKeyUrl: https://testabccppd.onmicrosoft.com/discovery/v2.0/keys?p=b2c_122_signinup_en
issuer: https://testabccppd.onmicrosoft.com/*******/v2.0/
scopes:
- openid
responseType: code
addShadowUserOnLogin: false
relyingPartyId: ******************
skipSslValidation: true
attributeMappings:
user_name: extension_username
Thanks for your help.
The text was updated successfully, but these errors were encountered: