Customizing SAML attribute mapping

This optional procedure describes how to configure the station to map arbitrarily named SAML attributes to User properties. If the default mappings are not suitable, you can customize the property and attribute mappings as described here.
Prerequisites:
  • You have already configured the SAMLAuthenticationScheme for the station.
  • You have identified which SAML attributes are coming in from the IdP.
  • You have the saml palette open.
Refer to the IdP-provided documentation to determine which SAML attributes are coming in from the IdP. As an alternative, you can install a SAML add-on in your web browser that lets you view the attributes coming in from the IdP. One example is the SAML DevTools extension for Chrome.
Perform the following steps:
  1. In the station, navigate to the SAMLAuthenticationScheme.
  2. From the saml palette, drag the SAMLAttributeMapper to the SAMLAuthenticationScheme.
  3. Click the plus (+) to expand the SAMLAttributeMapper field editor.
    An editor for a new mapping opens.
  4. In the editor, replace attributeName with the name of the attribute sent by the SAML IdP. For example, employeeGroup.
  5. Expand the drop-down list to select a property in the user prototype. For example, PrototypeName.

    This maps the SAML attribute employeeGroup to the PrototypeName slot in the UserPrototype.

    Certain properties may require additional information to map an attribute. In this case, an extra field editor or check box appears. For example, Expiration requires additional information: the format in which the expiration time is sent, so that the date and time can be parsed correctly. Similarly, PrototypeName provides a check box to be selected in cases where an IdP returns a Distinguished Name (DN) for the prototypeName attribute. For more details, refer to “saml-AttributeMapper” in the Components section of this document.

  6. Repeat these steps as needed to map additional attributes and click Save when finished.
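
The following Python script is an added example, not part of the product or its documentation. It lists the attribute names and values in a captured, base64-encoded SAMLResponse (HTTP-POST binding, unencrypted assertion assumed) and flags DN-shaped values, which tells you the exact names to enter in the mapper, the format of a time value, and whether the DN check box applies. The sample response, the accountExpiry attribute name and the function names are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Rough DN shape: two or more comma-separated key=value pairs.
DN_RE = re.compile(r"^\s*[A-Za-z][\w.-]*=[^,]+(\s*,\s*[A-Za-z][\w.-]*=[^,]+)+\s*$")

def list_saml_attributes(saml_response_b64):
    """Return {attribute name: [values]} from a base64-encoded SAMLResponse.

    Inspection only: signatures and conditions are not verified here.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_bytes)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def looks_like_dn(value):
    """True when the value has the shape of a Distinguished Name."""
    return bool(DN_RE.match(value))

# Constructed sample response (not captured from a real IdP).
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="employeeGroup">
      <saml:AttributeValue>CN=Operators,OU=Groups,DC=example,DC=com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="accountExpiry">
      <saml:AttributeValue>2030-01-31T00:00:00Z</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

if __name__ == "__main__":
    for name, values in list_saml_attributes(SAMPLE_B64).items():
        for value in values:
            note = "  <- DN-valued" if looks_like_dn(value) else ""
            print(f"{name} = {value}{note}")
```

Attribute names are matched as sent by the IdP, so copy them from this output rather than retyping them.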