...
- Home
- Managing Apps and SSO
- App Integration
- Current: Adding SAML Attribute Statements to SAML Connections
...
Home / Configuring SSO Connections / saml/ / Current: Adding SAML Attribute Statements to SAML Connections
In SAML transactions, identity providers make an assertion about an authenticated user's identity, encrypt and sign the assertion, and pass that data to a service provider. The service provider receives the assertion, validates and decrypts it, and makes an access control decision, granting or denying access to services as is appropriate.
One component of an assertion is the attribute statement. Attribute statements are sent from identity providers Identity providers send attribute statements to service providers to convey information about the subject of the assertion. The SAML specification allows for these attributes to be any type of agreed-upon information. Thus if you have a partnership with a service provider requiring a specific attribute be sent (such as a Person's EmployeeID), you must add a SAML Attribute Statement with the required SAML attribute in to your assertion.
In this topic we demonstrate how to add an attribute statement to an SSO connection by creating a new attribute statement for the connection, as well as and a new attribute for the attribute statement.
anchorTo add a SAML Attribute Statement to a SAML SSO Connection
From- In the Navigation Sidebar,
...
- expand Admin, then SSO Connections, and
...
- click SAML.
- Search for the SAML Connection to which you want to add the SAML attribute statement, click the drop-down arrow beside
...
- it and
...
- click Edit.
...
-
This opens the Edit page for the SSO Connection. From this page you can edit the properties of the connection.
...
- From the Connection Details page that appears, click the Attributes tab and do the following:
...
Select the Create a New SAML Attribute Statement and
...
Create a SAML Attribute checkboxes.
...
This opens the SAML Attribute dialog, where you enter
...
information for the attribute.
...
Info
...
In this dialog, the following
...
fields are the most
...
important:
- Name
...
- (required)- The name for the attribute.
...
- Display Name -
...
- The name that appears to users
...
- in EmpowerID
...
- .
- Mapped Attribute - Specifies whether the
...
- attribute is mapped to the value of an EmpowerID Person or account property.
...
If so, the attribute value stores the mapping formatted as:
{ComponentName.PropertyName}
...
- where ComponentName is
...
- a
- Person
- a
...
- PersonPrincipal (
...
- pared-down version of Person)
...
- Account
...
- AccountPrincipal (
...
- pared-down version of Account)
- and PropertyName is the mapped property on the component, such as EmployeeID
...
- Attribute Value -
...
- Specifies the value of the attribute being passed to the service provider.
For example, if
- Specifies the value of the attribute being passed to the service provider.
...
- your attribute
...
- is mapped to the EmployeeID of an EmpowerID Person, the value of this field
...
- is {Person.EmployeeID}.
- Format -
- is {Person.EmployeeID}.
...
- The format of the attribute as specified by the service provider. If the service provider has not specified a format
...
- , select Unspecified.
- Fill in the fields as
...
- needed and
...
- click Add to close the SAML Attribute dialog.
...
- Back in the main page, click Save.
| Info |
|---|
|
| |||