SAP Knowledge Base Article - Preview

2927442 - XSUAA not populating first_name, last_name and mail in xs.user.attribute in the JWT


  • You have configured an external Identity Provider in the Trust Configuration of a Cloud Foundry account / XS Advanced system.
  • The identity provider sends the assertion attributes "first_name", "last_name" and/or "mail".
  • You have specified these IdP attributes in a role.
  • These attributes are not being populated (they are blank) in the xs.user.attribute property of the JWT token, after decoding it.



  • SAP Cloud Platform Cloud Foundry
  • SAP HANA Extended Application Services, Advanced model


SAP BTP, Cloud Foundry runtime and environment 1.0


xsa xs advanced cf scp , KBA , BC-CP-CF-SEC-IAM , UAA, Authentication, Authorization, Trust Mgmnt , BC-XS-SEC , UAA and Security for HANA XSA engine , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.