Wrong user name being passed
Christopher Bongaarts
cab at umn.edu
Wed Apr 23 15:14:26 EDT 2014
On 4/23/2014 1:15 PM, Cantor, Scott wrote:
> I don't see anything in that reference that mentions givenName being
> supported, so I think you're sort of assuming facts not in evidence based
> on what you'd expect/hope, but they may not live up to that.
It's tucked in underneath configuring the attribute filter:
> ArcGIS Online supports flow-in of the givenName and the email address
> attributes of the enterprise login from the enterprise identity
> provider into ArcGIS Online. When a user signs in using an enterprise
> login and if ArcGIS Online receives attributes with the names
> givenname and email or mail (in any case), ArcGIS Online populates the
> full name and the email address of the user account with the values
> received from the identity provider.
FWIW, we're not sending those, and from what I've heard, they're
actually looking for SAML attributes with those literal names, as
opposed to the "standard" urn: formatted names.
So if someone wanted to do this, you would first define new attributes
in attribute-resolver.xml that get the appropriate values you want to
send, and add an AttributeEncoder of type SAML2String and names
"givenName" and "mail". Then configure attribute-filter.xml to release
those attribute to the ArcGIS SP.
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users
mailing list