Getting "Error Transforming Template" Using OIDC Enterprise Connection

Overview

This article explains why the following error message occurs when an end user attempts to sign in via an OpenID Connect (OIDC) Enterprise connection. This issue occurs when an Identity Provider (IdP) sends a claim value, such as a group name, that contains specific special characters.

Error transforming template

Applies To
  • OpenID Connect (OIDC)
  • Enterprise Connections
  • Attribute Mapping
  • Claim Values
Cause

The user mapping process fails under the following conditions:

  • The user_map mapping mode does not support claim values containing special characters such as double quotes ("), backslashes (\), forward slashes (/), or colons (:). These characters can break the JSON transformation process.
  • The IdP does not provide an attribute that is expected in the user mapping configuration, which may also trigger a related warning: Error transforming template due to missing keys from IdP context.
  • The mapping template uses reserved names, such as the user_id attribute, which cannot be mapped.
Solution
To resolve this issue, ensure that all claim values and mapping configurations adhere to supported formats:

    1. Identify the specific claim or group name containing restricted characters (", \, /, :), or verify whether an expected attribute is missing from the IdP response.

    2. Sign in to the IdP administrative console.

    3. Locate the affected user profile or group settings.

    4. Remove restricted special characters from the attribute value.

    5. Ensure the user_id attribute is not being used in the mapping template.

    6. Confirm that all attributes defined in the user mapping configuration are being sent by the IdP.

    7. Attempt to sign in again to verify the transformation is successful.
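
To help with steps 1, 5, and 6, the following added example (not part of the original article or the vendor's tooling) checks a decoded set of IdP claims against a mapping for the three causes listed above. The mapping is represented here as a hypothetical simplified dictionary of target attribute to IdP claim name, and the sample claims are constructed; the function and variable names are assumptions.

```python
import json

# Characters the article lists as unsupported in claim values.
RESTRICTED = set('"\\/:')
# Attribute names the article says cannot be used in the mapping template.
RESERVED_TARGETS = {"user_id"}

def iter_strings(value):
    """Yield every string inside a claim value (string, list, or nested object)."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, list):
        for item in value:
            yield from iter_strings(item)
    elif isinstance(value, dict):
        for item in value.values():
            yield from iter_strings(item)

def check_mapping(claims, mapping):
    """Return (problem, target_attribute, detail) findings.

    claims  -- decoded claims received from the IdP (dict)
    mapping -- hypothetical simplified map: target attribute -> IdP claim name
    """
    findings = []
    for target, claim in mapping.items():
        if target in RESERVED_TARGETS:
            findings.append(("reserved_name", target, claim))
        if claim not in claims:
            # Corresponds to the "missing keys from IdP context" warning.
            findings.append(("missing_claim", target, claim))
            continue
        for text in iter_strings(claims[claim]):
            if RESTRICTED.intersection(text):
                findings.append(("restricted_chars", target, text))
    return findings

# Constructed sample data, not taken from a real tenant.
SAMPLE_CLAIMS = json.loads(r'''
{"sub": "abc123", "email": "user@example.com",
 "groups": ["Engineering", "Ops/On-Call", "CORP\\Admins"]}
''')
SAMPLE_MAPPING = {"email": "email", "groups": "groups",
                  "nickname": "preferred_username", "user_id": "sub"}

if __name__ == "__main__":
    for finding in check_mapping(SAMPLE_CLAIMS, SAMPLE_MAPPING):
        print(*finding, sep="\t")
```

Group claims are walked item by item because a single offending group name in a list is enough to trigger the error for that user.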
