
Azure attributes show URLs instead of friendly names in SimpleSAMLphp


I am new to SAML and Azure but I need to integrate my PHP web application with Azure and I do not understand how the Azure name attributes (claims?) are working with simpleSAMLphp.

Problem 1 - attributes from Azure are hard to read

This is a returned dataset from Azure - the attributes are named as HTTP URLs:

Data returned from Azure

I can somehow view the purpose of each attribute in the URL, but is there a way to show a shorter and more friendly name? Are the friendly names something that should be provided by our Azure team, or is there a standard translation that can be done?

Problem 2 - I cannot read all Azure provided attributes/claims

I have been told by our Azure team that they have provided me with more attributes than what is visible in the above picture - e.g. our organization, title and more and they have sent this picture as a proof to me:

Azure attributes that should be available to me

This seems to be a weird mix of URLs and friendly names/descriptions, but I seem unable to read all Azure attributes from simpleSAMLphp!? Do I need to read the (extra?) attributes in another way than $azure->getAttributes();?

What I have tried

I have (among others) used this guide for setting up simpleSAMLphp, https://www.lewisroberts.com/2015/09/05/single-sign-on-to-azure-ad-using-simplesamlphp/ and that guide refers to the below setup, which I have included in \config\authsources.php:

'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
'simplesaml.nameidattribute' => 'eduPersonTargetedID',

But to be honest, it confuses me whether this is relevant or not.

I have also viewed How do I map attributes returned by an IDP to friendly names in SimpleSAMLphp?, which gets close to my problem, but I did not get any closer to a solution.

Any hints or help would really be appreciated :-) My guess is that it is not possible to get friendly names/claims and that our Azure team will need to fix the missing attributes/claims, but I do not have any solid evidence for proving this.


Solution

  • After more time spent on this and some trial-and-error from our IT department, everything has now been fixed.

    It WAS in fact a faulty Azure configuration that did not send the attributes, and the weird names/claims could also easily be "translated" by Azure into short, meaningful and friendly names.

    This is what I wanted from the beginning:

    Now it works

    It still shows the weird names for tenantid etc., but I don't care about that as I do not use it. I assume these are some standard attributes being sent from Azure.

    The Azure "claims" now look like this:

    Azure configuration

    Also, it was not mentioned by our IT guys, but even if they state that it has been fixed, please wait for some time before testing, as it will take a while from applying the change until it is effective in Azure. At least I noticed it could take 15-30 minutes for adding new attributes, though the change of attribute names was done almost instantly.
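For "Problem 1" above, the SP side can also do the renaming itself with SimpleSAMLphp's core:AttributeMap authproc filter, independently of how the claims are named in Azure. The following is an added example, not code from the question, the answer or the SimpleSAMLphp project; it assumes an authsource named 'azure' in config/authsources.php, placeholder entityID/idp values, and the default claim URIs Azure AD emits for the common user attributes. Attributes the IdP never sends cannot be created by this mapping (that still has to be fixed on the Azure side, as in the answer), and any claim not listed arrives unchanged under its URI key.

```php
<?php
// config/authsources.php (added example, not the project's own config).
// Renames Azure AD claim URIs to short attribute names on the SP side.
$config = [
    'azure' => [
        'saml:SP',
        'entityID' => 'https://sp.example.org/simplesaml/module.php/saml/sp/metadata.php/azure', // placeholder
        'idp'      => 'https://sts.windows.net/TENANT-ID-PLACEHOLDER/',                          // placeholder
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
        'authproc' => [
            // core:AttributeMap: 'old name' => 'new name' entries rename attributes
            // in the assertion. Unmapped attributes keep their original key.
            50 => [
                'class' => 'core:AttributeMap',
                'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'    => 'givenName',
                'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'      => 'sn',
                'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' => 'mail',
                'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'         => 'userPrincipalName',
                'http://schemas.microsoft.com/identity/claims/displayname'           => 'displayName',
                'http://schemas.microsoft.com/identity/claims/objectidentifier'      => 'azureObjectId',
                'http://schemas.microsoft.com/identity/claims/tenantid'              => 'azureTenantId',
            ],
        ],
    ],
];
```

```php
<?php
// Application side (added example): read the renamed attributes and verify
// the ones the application relies on are actually present before trusting the session.
require_once '/var/simplesamlphp/lib/_autoload.php'; // placeholder path
$as = new \SimpleSAML\Auth\Simple('azure');
$as->requireAuth();
$attrs = $as->getAttributes();          // e.g. ['mail' => ['user@example.org'], ...]

$required = ['mail', 'azureObjectId', 'azureTenantId'];
$missing  = array_diff($required, array_keys($attrs));
if ($missing !== []) {
    // Fail closed: a missing claim usually means the IdP configuration is wrong
    // (or has not propagated yet), not that the user should be let in anyway.
    http_response_code(403);
    exit('Missing SAML attributes: ' . implode(', ', $missing));
}
printf("Hello %s (%s)\n", $attrs['displayName'][0] ?? 'unknown', $attrs['mail'][0]);
```

Checking azureTenantId against the tenant you expect is worthwhile even though the value looks uninteresting, since it ties the assertion to your organisation's directory rather than any Azure AD tenant.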