PicketLink is not adding a custom attribute in SAMLResponse when a user logs in a second time from another machine

Solution Verified - Updated -

Issue

My user logs in twice to the IDP (different machines) and we do not get our custom attributes from PicketLink on the second login.

We have written our own AttributeManager as suggested in "How can we add attributes to a SAML message (picketlink)".

We then created a custom login module and deployed it on the PicketLink IDP server.
In the login module, we add a custom attribute to the session object, and then in the AttributeManager we read that attribute from the session, and add it as an attribute to the SAML message.

If a user logs in a second time (on another machine) we don't get this attribute delivered.

Environment

Red Hat JBoss Enterprise Application Platform (EAP)
- 6.x
