5.7.4 How Social Authentication Works With Access Manager

To complete social authentication, Identity Server maps the social attribute value in the token to the local user attribute value. The local attribute must be set in the following format:

<socialprovidername>:<social attribute value>

For example, consider that the social authentication class properties are set as follows:

  • Identify User Locally: Selected

  • Local User LDAP attribute: Ldap Attribute:mail

  • Social User Attribute: Email

  • Auto Provision User: Selected

  • Social Auth Provider: Facebook

Because the Auto Provision User setting is enabled, the user is asked for a one-time local login after authenticating with Facebook. During this process, the user's mail attribute is updated with the social attribute value as facebook:<social-email-address>. Subsequent logins by the same user are seamless, and the user is identified automatically.

If the Auto Provision User setting is disabled, Access Manager verifies whether the value of the local user LDAP attribute mail is facebook:<social-email-address>; authentication succeeds only if it is.

IMPORTANT: The attribute value is set with the provider's name.
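The following Python sketch is an added example, not Access Manager code. It models the matching rule described above against a constructed in-memory directory and adds an audit for one social identity mapped to more than one local account. Assumptions: all function names and the directory layout are hypothetical, the provider prefix is lowercased as in the facebook: example, and "updated" is modelled as adding a value next to the existing ones.

```python
# Added illustration of the mapping rule above; not Access Manager code.
from collections import defaultdict

# Constructed sample directory: DN -> values of the local LDAP attribute (mail).
DIRECTORY = {
    "cn=alice,o=example": ["alice@example.com", "facebook:alice.fb@example.net"],
    "cn=bob,o=example": ["bob@example.com"],
    "cn=carol,o=example": ["facebook:shared@example.net"],
    "cn=dave,o=example": ["facebook:shared@example.net"],
}

def mapped_value(provider, social_value):
    """Build <socialprovidername>:<social attribute value>.
    Assumption: the provider name is lowercased, as in the page's example."""
    return f"{provider.lower()}:{social_value}"

def find_local_users(directory, provider, social_value):
    """Return the DNs whose attribute holds the exact mapped value."""
    wanted = mapped_value(provider, social_value)
    return sorted(dn for dn, vals in directory.items() if wanted in vals)

def authenticate(directory, provider, social_value, auto_provision,
                 local_login_dn=None):
    """Model the decision: match, or fall back to a one-time local login."""
    matches = find_local_users(directory, provider, social_value)
    if len(matches) == 1:
        return ("identified", matches[0])
    if len(matches) > 1:
        # Not described on the page: this sketch refuses to pick one account.
        return ("ambiguous", matches)
    # local_login_dn is the account proven by the one-time local login.
    if auto_provision and local_login_dn in directory:
        directory[local_login_dn].append(mapped_value(provider, social_value))
        return ("provisioned", local_login_dn)
    return ("denied", None)

def audit_duplicates(directory, providers):
    """Report mapped values that appear on more than one local account."""
    prefixes = tuple(p.lower() + ":" for p in providers)
    seen = defaultdict(list)
    for dn, vals in directory.items():
        for value in vals:
            if value.startswith(prefixes):
                seen[value].append(dn)
    return {v: sorted(dns) for v, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    print(authenticate(DIRECTORY, "Facebook", "alice.fb@example.net", False))
    print(audit_duplicates(DIRECTORY, ["Facebook"]))
```

Running the audit against an export of the real attribute shows which accounts already carry a provider-prefixed value before Auto Provision User is switched off.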