Rewrite uid in SAML SSO Authentication


We are on 8.2.2 and we need to update our login to replace - by _ .

We created a unauthenticated ruleset, changed the requestor type to use this ruleset but when we trace pySAMLWebSSOAuthenticationActivity we are not able to see anything.

Could you provide information on how we can do the change we need?

Thank you


Keep up to date on this post and subscribe to comments

August 14, 2019 - 6:32pm

To be more precise, uid is the field that contains the user identifier and it may contains -, as of today we are rewriting it on the IDP but we may have to change the IDP to another one that don't allow claims rewrite.

So we want to find a way to rewrite uid field to replace - by _.

The following isn't allowed on the mapping table :

Map from replaceAll(uid,"-","_") , Map to .pyUserIdentifier

By tracing the request we found that pyLoadSAMLAssertion is called to build D_SAMLAssertionDataPage but we don't know how we can overwrite it.

September 24, 2019 - 5:33am

Hi Loic,

You can use Mappings tab to map the IdP response attributes with Pega properties. Like, access group etc., However your current requirement is not possible with Mappings tab.

Can you please try by Saving the pyLoadSAMLAssertion  to your personal ruleset?

Warm regards,


September 24, 2019 - 5:51am


How could I implement my requirement with the Apply-Parse-XML that is setup in pyLoadSAMLAssertion   ?

Thank you,