SAML2 - User mapping issue

Hi everyone,

I have an on-premise Orchestrator (2022.4.1) plugged into an IDP with the SAML2 connection system activated.
Below is my config file (injected in Identity appsettings.json):

<?xml version="1.0" encoding="utf-8"?>

<configuration>
	<configSections>
		<section name="sustainsys.saml2" type="Sustainsys.Saml2.Configuration.SustainsysSaml2Section, Sustainsys.Saml2" />
	</configSections>

	<sustainsys.saml2 entityId="https://xxxx/identity" returnUrl="https://xxx/identity/externalidentity/saml2redirectcallback" minIncomingSigningAlgorithm="SHA1">
		<identityProviders>
			<add entityId="https://myIDP" signOnUrl="https://myIDP/xxx" allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
				<signingCertificate storeName="My" storeLocation="CurrentUser" findValue="xxxxx" x509FindType="FindByThumbprint"/>
			</add>
		</identityProviders>
	</sustainsys.saml2>

</configuration>

I handled the issues around the certificate and configuration, and now I can confirm (thanks to SAML Tracer) that my IDP is sending data correctly to the Orchestrator in this format:

<saml2:AttributeStatement>
            <saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
                             Name="cn"
                             NameFormat="SAML:2.0:attrname-format:unspecified"
                             >
                <saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">ID_XXX</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
                             Name="givenName"
                             NameFormat="SAML:2.0:attrname-format:unspecified"
                             >
                <saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">John</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
                             Name="mail"
                             NameFormat="SAML:2.0:attrname-format:unspecified"
                             >
                <saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">John.doe@xxx.com</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
                             Name="sn"
                             NameFormat="SAML:2.0:attrname-format:unspecified"
                             >
                <saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">Doe</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
                             Name="uid"
                             NameFormat="SAML:2.0:attrname-format:unspecified"
                             >
                <saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">ID_XXX</saml2:AttributeValue>
            </saml2:Attribute>
</saml2:AttributeStatement>

The issue:
I get "User login failed. (#216)" when trying to connect, and the Orchestrator Event Log is throwing this error:

UiPath.IdentityServer.Web.Application.Services.ExternalUserMappingByEmail No email found inside the claims

Any idea how I can help the Orchestrator map the data correctly?
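
An added diagnostic for the symptom above (not part of the original post, and not UiPath or Sustainsys code): it lists the attribute names in a decoded AttributeStatement and checks whether one matches the claim name an e-mail mapper would look for. The expected name used here, the .NET ClaimTypes.Email URI, is an assumption, and the sample XML is constructed from the attribute names in the post.

```python
import xml.etree.ElementTree as ET

# Assumption: the claim type the mapper looks for. This URI is .NET's
# ClaimTypes.Email; the post does not say which name Identity Server expects.
EXPECTED_EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample modeled on the attribute names in the post (values are fake).
SAMPLE = """<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute Name="cn"><saml2:AttributeValue>ID_XXX</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="mail"><saml2:AttributeValue>john.doe@example.com</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="uid"><saml2:AttributeValue>ID_XXX</saml2:AttributeValue></saml2:Attribute>
</saml2:AttributeStatement>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def read_attributes(xml_text):
    """Return {attribute Name: [values]} for every Attribute element found."""
    attrs = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "Attribute" and el.get("Name"):
            values = [(v.text or "").strip() for v in el if local(v.tag) == "AttributeValue"]
            attrs.setdefault(el.get("Name"), []).extend(values)
    return attrs


def diagnose_email_claim(xml_text, expected=EXPECTED_EMAIL_CLAIM):
    """Report whether the expected claim is present and which attributes look like e-mail."""
    attrs = read_attributes(xml_text)
    present = any(v for v in attrs.get(expected, []))
    # Attributes whose values look like an address but arrive under another name.
    candidates = sorted(n for n, vals in attrs.items()
                        if n != expected and any("@" in v for v in vals))
    return {"expected_present": present, "candidates": candidates, "names": sorted(attrs)}


if __name__ == "__main__":
    report = diagnose_email_claim(SAMPLE)
    print("attribute names seen:", report["names"])
    print("expected claim present:", report["expected_present"])
    print("e-mail-looking attributes under other names:", report["candidates"])
```

It can be run on XML copied from SAML Tracer; it only reads attribute names and values and does not validate the assertion's signature.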

Hello @jflamen!

It seems that you have trouble getting an answer to your question in the first 24 hours.
Let us give you a few hints and helpful links.

First, make sure you browsed through our Forum FAQ Beginner’s Guide. It will teach you what should be included in your topic.

You can check out some of our resources directly, see below:

  1. Always search first. It is the best way to quickly find your answer. Check out the image icon for that.
    Clicking the options button will let you set more specific topic search filters, i.e. only the ones with a solution.

  2. A topic that contains the most common solutions with example project files can be found here.

  3. Read our official documentation where you can find a lot of information and instructions about each of our products:

  4. Watch the videos on our official YouTube channel for more visual tutorials.

  5. Meet us and our users on our Community Slack and ask your question there.

Hopefully this will let you easily find the solution/information you need. Once you have it, we would be happy if you could share your findings here and mark it as a solution. This will help other users find it in the future.

Thank you for helping us build our UiPath Community!

Cheers from your friendly
Forum_Staff