IDP03 unsolicited sso support

Cantor, Scott cantor.2 at osu.edu
Thu May 7 12:19:05 EDT 2015


On 5/7/15, 11:49 AM, "Alexander Galilov" <alexander.galilov at gmail.com> wrote:
>
>Now I have another issue from Salesforce SAML validator:
>
>Subject: AAdzZWNyZXQxKb+vKRzExCggvlsBj11cPO1e4b8KwJYq42uI5hcOaLP04CqFfzHS3zmHQiOPqvg5F9kn9oKHG1Ec0g88Mt0QlgImEP3lwJ3tHK75bi9yE8S/2RFQIoEMAg1wNZmeA7DG2+HI
>Unable to map the subject to a Salesforce.com user 

Because you're using a transient subject identifier. You have to start with a clear sense of the technical requirements of the SP, and then you know what to change on the IdP. That's true of every vendor.

I believe Salesforce handles either Attribute or NameID-based account linking, but you're providing it neither, I would imagine. You have to start by picking what you want to use and configuring Salesforce to look for that. I'm using eduPersonPrincipalName in an Attribute, so I didn't have to do anything unusual, but that requires appropriate configuration in Salesforce.

-- Scott
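Added example, not part of the original message and not Shibboleth or Salesforce code: a Python check of what an assertion offers an SP for account linking, following the reply's point that a transient NameID alone gives Salesforce nothing to map. The two assertions are constructed and unsigned, `linkable_identifiers` is a hypothetical helper name, and the attribute is assumed to be released under the standard eduPersonPrincipalName OID name.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EPPN_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"  # eduPersonPrincipalName (assumed attribute name)

# Constructed sample assertions, trimmed to the parts that matter for linking.
TRANSIENT_ONLY = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">AAdzZWNyZXQx-constructed</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

WITH_EPPN = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">AAdzZWNyZXQx-constructed</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName">
      <saml:AttributeValue>user@example.edu</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def linkable_identifiers(assertion_xml, attribute_name=EPPN_OID):
    """Return (source, value) pairs an SP could use for account linking."""
    root = ET.fromstring(assertion_xml)
    found = []
    name_id = root.find("saml:Subject/saml:NameID", NS)
    # A transient NameID is a temporary per-session value, so it cannot
    # identify the same account on the next login.
    if name_id is not None and name_id.get("Format") != TRANSIENT:
        found.append(("NameID", (name_id.text or "").strip()))
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attribute_name:
            for value in attr.findall("saml:AttributeValue", NS):
                found.append(("Attribute", (value.text or "").strip()))
    return found


if __name__ == "__main__":
    for label, doc in (("transient only", TRANSIENT_ONLY), ("with ePPN", WITH_EPPN)):
        print(label, "->", linkable_identifiers(doc) or "nothing the SP can map")
```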


