
...


In SAML transactions, identity providers make an assertion about an authenticated user's identity, encrypt and sign the assertion, and pass that data to a service provider. The service provider receives the assertion, validates and decrypts it, and makes an access control decision, granting or denying access to services as appropriate.

One component of an assertion is the attribute statement. Identity providers send attribute statements to service providers to convey information about the subject of the assertion. The SAML specification allows these attributes to be any type of agreed-upon information. Thus, if you have a partnership with a service provider that requires a specific attribute (such as a Person's EmployeeID), you must add a SAML Attribute Statement containing the required SAML attribute to your assertion.

In this topic, we demonstrate how to add an attribute statement to an SSO connection and how to create a new attribute for that attribute statement.

...

Add a SAML Attribute Statement to a SAML SSO Connection

  1. On the navbar, expand Apps and Authentication > SSO Connections, and click SAML.

  2. Search for the SAML Connection to which you want to add the SAML attribute statement and click the Display Name link for it.

  3. On the Connections Details page, click the Display Name link to put the connection in Edit mode.

  4. On the edit page for the SAML connection, click the Attributes tab.

  5. Select Create a New SAML Attribute Statement and then select Create a SAML Attribute.

    This opens the SAML Attribute dialog, where you enter information for the attribute.

    In this dialog, the following fields are the most important:

    • Name (required) — The name for the attribute.
    • Display Name — The name that appears to users in EmpowerID.
    • Mapped Attribute — Specifies whether the attribute is mapped to the value of an EmpowerID Person or account property. If so, the attribute value stores the mapping formatted as {ComponentName.PropertyName}, where ComponentName is one of the following:
      • Person
      • PersonPrincipal (pared-down version of Person)
      • Account
      • AccountPrincipal (pared-down version of Account)
      and PropertyName is the mapped property on the component, such as EmployeeID.
    • Attribute Value — Specifies the value of the attribute being passed to the service provider. For example, if your attribute is mapped to the EmployeeID of an EmpowerID Person, the value of this field is {Person.EmployeeID}.
    • Format — The format of the attribute as specified by the service provider. If the service provider has not specified a format, select Unspecified.

  6. Fill in the fields as needed and then click Add to close the SAML Attribute dialog.

  7. Back in the main page, click Save.
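
What the attribute configured in the steps above looks like inside the assertion, as an added illustration (not EmpowerID code): this Python example resolves a {ComponentName.PropertyName} mapping against a constructed Person record and emits the resulting SAML 2.0 AttributeStatement, failing closed when the mapping is malformed or the property has no value. The function names, the record layout, and the "URI" and "Basic" format labels are assumptions; only Unspecified is named on this page.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# NameFormat URIs defined by SAML 2.0; the "URI" and "Basic" labels are assumed.
FORMATS = {
    "Unspecified": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
    "URI": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
    "Basic": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
}
# Component names listed for the Mapped Attribute field.
COMPONENTS = {"Person", "PersonPrincipal", "Account", "AccountPrincipal"}
MAPPING = re.compile(r"^\{(\w+)\.(\w+)\}$")


def resolve_value(attribute_value, mapped, records):
    """Return a literal value, or look up a {ComponentName.PropertyName} mapping."""
    if not mapped:
        return attribute_value
    m = MAPPING.match(attribute_value)
    if not m or m.group(1) not in COMPONENTS:
        raise ValueError(f"not a valid mapping: {attribute_value!r}")
    component, prop = m.groups()
    try:
        return str(records[component][prop])
    except KeyError:
        # Fail closed: never send an empty or guessed value to the service provider.
        raise ValueError(f"{component}.{prop} has no value for this subject") from None


def build_attribute_statement(attributes, records):
    """attributes: dicts holding the dialog fields Name, Format, Mapped, Value."""
    ET.register_namespace("saml", SAML_NS)
    stmt = ET.Element(f"{{{SAML_NS}}}AttributeStatement")
    for a in attributes:
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute", Name=a["Name"],
                             NameFormat=FORMATS[a.get("Format", "Unspecified")])
        value = ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue")
        value.text = resolve_value(a["Value"], a.get("Mapped", False), records)
    return ET.tostring(stmt, encoding="unicode")


# Constructed sample data: one subject and the attribute from the steps above.
SAMPLE_RECORDS = {"Person": {"EmployeeID": "E-10042"}}
SAMPLE_ATTRIBUTES = [{"Name": "EmployeeID", "Format": "Unspecified",
                      "Mapped": True, "Value": "{Person.EmployeeID}"}]

if __name__ == "__main__":
    print(build_attribute_statement(SAMPLE_ATTRIBUTES, SAMPLE_RECORDS))
```

The Name and NameFormat in the output must match what the service provider expects exactly, since a service provider typically looks attributes up by name when making its access decision.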
