I have been using SAML with my Mendix apps and things are working well. I will map the user's email to the Administration.Account.Email. I've also tried it with the user's System.User.Name (which is their email as well). Both seem to work.

However, we have some users whose emails have the first letter of their first and last name capitalized, and they get an error. For example, John.Doe@mycompany.com.

What happens is I'll either create an account for them or just-in-time provisioning will create an account for them. Upon the first try, it will work and their email in the admin account entity will be stored as firstname.lastname@example.org, but the next time they authenticate via SSO, their email suddenly changes in Mendix to John.Doe@mycompany.com and then it will still work. The third time they hit it, they'll get an error, as if SAML can't match them because of this capitalization.

Everyone else who doesn't have capitalization in their email addresses is fine, but those that do seem to follow this pattern.

So, two questions:

1. Why is the SAML module changing the email address of a user that is ALREADY provisioned?
2. Why is SAML failing when users have capitalization in their emails?

If it helps, we use Azure AD.
When the claim for the user is first received, is the email then received as capitalized and then stored in all lowercase?
Maybe there is some issue in the Java code that will create the user using lowercase, and on a second login the code will update the user without the lowercase function. If this is done after the user is logged in, then the second attempt will be successful but subsequent tries will fail.
I suggest having a look through the Java code for this module to see if something like this is happening.
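
The pattern suggested in the reply above can be reproduced in a small model. This is an added example, not code from the Mendix SAML module or from either poster: the in-memory user table and all class and method names are constructed for illustration, and only the address form comes from the question. It assumes the lookup is an exact match on a lowercased claim while the attribute update writes the claim back unchanged.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class SamlEmailCaseDemo {
    // Constructed stand-in for the user table: user id -> stored login name.
    static final Map<Integer, String> users = new HashMap<>();

    static String normalize(String claim) {
        return claim.trim().toLowerCase(Locale.ROOT);
    }

    // Exact, case-sensitive match on the stored name.
    static Integer find(String name) {
        for (Map.Entry<Integer, String> e : users.entrySet()) {
            if (e.getValue().equals(name)) return e.getKey();
        }
        return null;
    }

    // Hypothesised flow: the lookup normalises, the attribute update does not.
    static boolean loginInconsistent(String claim) {
        Integer id = find(normalize(claim));
        if (id == null) return false;   // no match: login is rejected
        users.put(id, claim);           // raw claim overwrites the stored name
        return true;
    }

    // Same flow with the update normalised the same way as the lookup.
    static boolean loginConsistent(String claim) {
        Integer id = find(normalize(claim));
        if (id == null) return false;
        users.put(id, normalize(claim));
        return true;
    }

    public static void main(String[] args) {
        String claim = "John.Doe@mycompany.com"; // address form from the question

        users.put(1, normalize(claim));          // first login: account provisioned
        System.out.println("inconsistent, login 2: " + loginInconsistent(claim));
        System.out.println("stored name now:       " + users.get(1));
        System.out.println("inconsistent, login 3: " + loginInconsistent(claim));

        users.put(1, normalize(claim));          // reset, then repeat with the fix
        System.out.println("consistent, login 2:   " + loginConsistent(claim));
        System.out.println("consistent, login 3:   " + loginConsistent(claim));
    }
}
```

If the module's Java code shows the same asymmetry, the thing to check is that every path that writes or compares the mapped attribute applies the same normalisation.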