Configuring Slack to use Shibboleth
Nate Klingenstein
ndk at sudonym.me
Thu Apr 14 17:37:01 EDT 2016
> They provide documentation for their custom SAML process here:
> https://get.slack.help/hc/en-us/articles/205168057
I was just reviewing this last night. Beyond the typical custom implementation stuff, one thing that jumped out at me is the Required for both:
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="TEAMDOMAIN.slack.com" SPNameQualifier="https://slack.com/">Your Unique Identifier</saml:NameID>
and
<saml:Attribute Name="User.Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
  <saml:AttributeValue xsi:type="xs:anyType">testuser@youremail.com
  </saml:AttributeValue>
</saml:Attribute>
I haven’t played with it to see what happens if one, the other, neither, both, or a changed value gets sent. It’s my next step, so if anyone knows anything, it would be helpful.
My hope is that they just use the persistentId as an identifier and email as email. I have lots of hope in life, though.
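
A pre-flight check for the two items quoted above, as an added example that is not part of the original post or of Slack's or Shibboleth's code: it parses a decoded assertion and reports whether the persistent NameID and the User.Email attribute are both present. The function name `check_slack_assertion`, the wrapping elements and the sample values are assumptions constructed for illustration; it inspects content only and does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample assertion fragment (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        NameQualifier="TEAMDOMAIN.slack.com"
        SPNameQualifier="https://slack.com/">constructed-opaque-id-123</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="User.Email"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue xsi:type="xs:anyType">testuser@youremail.com
      </saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_slack_assertion(xml_text):
    """Return a list of problems; an empty list means both items are present."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    else:
        if name_id.get("Format") != PERSISTENT:
            problems.append("NameID Format is not persistent")
        if name_id.get("SPNameQualifier") != "https://slack.com/":
            problems.append("unexpected SPNameQualifier")
    # Values are stripped because the quoted example carries a trailing newline.
    emails = [
        (v.text or "").strip()
        for a in root.findall(".//saml:Attribute[@Name='User.Email']", NS)
        for v in a.findall("saml:AttributeValue", NS)
    ]
    if not any(emails):
        problems.append("missing User.Email value")
    return problems


if __name__ == "__main__":
    print(check_slack_assertion(SAMPLE) or "both required items present")
```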