SAP Knowledge Base Article - Preview

2927442 - XSUAA not populating first_name, last_name and mail in xs.user.attribute in the JWT


  • You have configured an external Identity Provider in the Trust Configuration of a Cloud Foundry account / XS Advanced system.
  • The identity provider sends the assertion attributes "first_name", "last_name" and/or "mail".
  • You have specified these IdP attributes in a role.
  • These attributes are not being populated (they are blank) in the xs.user.attribute property of the JWT token, after decoding it.



  • SAP Cloud Platform Cloud Foundry
  • SAP HANA Extended Application Services, Advanced model


SAP BTP, Cloud Foundry environment 1.0


xsa xs advanced cf scp , KBA , BC-CP-CF-SEC-IAM , UAA, Authentication, Authorization, Trust Mgmnt , BC-XS-SEC , UAA and Security for HANA XSA engine , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.