Discussion

Using SAML Attributes in Laserfiche Forms

posted on December 3, 2020

I have SAML authentication set up and working to authenticate. I have also figured out how to use the groups that come back in a SAML response. I'm also not sure how to use anything else.

If we add DisplayName, First Name, Last Name, and Department to the SAML claim and map them in the IdP settings, logging in doesn't update Forms or LFDS. :( So this information is not useful.

What am I missing?

replied on December 4, 2020

Hi Elexis,

There may be a mismatch between the claim names you used in the Identity Provider's claim mapping settings and the ones that are actually getting sent over by the SAML provider. I'd recommend intercepting the SAML Response during a login, and checking that the names match up.

For example, if your decoded SAML Response has this line in it:

<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">

You would then want to enter "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" into your Last Name claim mapping field in LFDS (without quotes).

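The check suggested in the reply above, as an added example that is not part of the original thread and is not Laserfiche code: it decodes a captured SAMLResponse value, lists the Attribute names it actually carries, and compares them with the claim names entered in the mapping fields, flagging names that differ only in case or surrounding whitespace. The sample response and the MAPPINGS dictionary are constructed for illustration; the script only inspects attributes and does not verify the response signature.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_response(b64_value):
    """Decode a captured SAMLResponse value into XML text."""
    raw = base64.b64decode(b64_value)
    if not raw.lstrip().startswith(b"<"):  # HTTP-Redirect binding: raw DEFLATE
        raw = zlib.decompress(raw, -15)
    return raw.decode("utf-8")

def attribute_values(xml_text):
    """Return {Attribute Name: [values]} for all SAML 2.0 assertion attributes."""
    found = {}
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def check_mappings(mappings, found):
    """Classify each configured claim name: ok, near-miss (case/space), missing."""
    lowered = {name.lower(): name for name in found}
    report = {}
    for field, claim in mappings.items():
        if claim in found:
            report[field] = ("ok", found[claim])
        elif claim.strip().lower() in lowered:
            report[field] = ("near-miss", lowered[claim.strip().lower()])
        else:
            report[field] = ("missing", None)
    return report

# Constructed sample response (not from the thread), unsigned and minimal.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="Department"><saml:AttributeValue>IT</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
# Hypothetical claim names as typed into the mapping fields.
MAPPINGS = {"Last Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
            "Department": "department", "Display Name": "displayname"}

if __name__ == "__main__":
    found = attribute_values(decode_saml_response(SAMPLE_B64))
    for field, (status, detail) in check_mappings(MAPPINGS, found).items():
        print(f"{field:<13}{status:<10}{detail}")
```

A "missing" result means the identity provider never sent that attribute, so the fix belongs on the IdP side rather than in the claim mapping fields.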
replied on December 4, 2020

Thanks for the response. However, I believe I have done that and mapped them properly. For now with the below, I am testing DisplayName and Department. Neither of them update upon login per the content in the SAML response.

replied on December 4, 2020

Hmm, in that case I would recommend opening a ticket with our Support team so we can take a closer look. Please include screenshots of a SAML user's General and Profile tabs in LFDS, a screenshot of your SAML identity provider configuration, and a screenshot of your identity provider claim mappings (as you did above). Also include a browser HAR trace of you logging in as the user.
