Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
250
Views
0
Helpful
0
Replies

SSO email attribute not returned from userinfo call

placey
Level 1
Level 1

‎11-08-2023 11:56 AM

I am implementing support for Duo in my web app as an OIDC IdP. I have implemented the necessary code and set up a free account that links to Azuere AD as a SAML provider.

I can authenticate against Duo, use the authorization code to get a token, and use the token to get the user info, but the only data that is returned is:

 

 

 

 

     "family_name" => "Lacey",
     "given_name" => "Peter",
     "name" => "Peter Lacey",
     "sub" => "06166f708a1c12351d8909fd587fb9e3722d10b9722cb6775caef6c9dd7ecfbe",
     "user" => "placey"

 

 

 

 

I have verified that I include 'email' in the scope parameter, along with openid and profile. I have verified that I have mapped the 'Email' claim (capitalized) to the 'user.mail' value in Azure. And I have verified that the app integration has the email scope checked and maps <Email Address> IdP attribute to the 'email' claim.

Any idea what I'm missing here?

0 Helpful
0 Replies 0
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents