Configuring Slack to use Shibboleth
Matt Brennan
brennanma at gmail.com
Fri Apr 29 12:14:36 EDT 2016
Did you guys get this to work? I'm trying to set it up, but every time I
hit "Save" it authenticates me through the IdP and brings me back to the
default chat room. I can't seem to find any log messages (on either side)
that actually give a hint what's going on.
-Matt
On Thu, Apr 14, 2016 at 5:37 PM, Nate Klingenstein <ndk at sudonym.me> wrote:
> > They provide documentation for their custom SAML process here:
> > https://get.slack.help/hc/en-us/articles/205168057
>
> I was just reviewing this last night. Beyond the typical custom
> implementation stuff, one thing that jumped out at me is the Required for
> both:
>
> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
> NameQualifier="TEAMDOMAIN.slack.com" SPNameQualifier="https://slack.com/">Your
> Unique Identifier</saml:NameID>
>
> and
>
> <saml:Attribute Name="User.Email"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
> <saml:AttributeValue xsi:type="xs:anyType">testuser at youremail.com
> </saml:AttributeValue>
> </saml:Attribute>
>
> I haven’t played with it to see what happens if one, the other, neither,
> both, or a changed value gets sent. It’s my next step, so if anyone knows
> anything, it would be helpful.
>
> My hope is that they just use the persistentId as an identifier and email
> as email. I have lots of hope in life, though.
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160429/84f63e02/attachment.html>
More information about the users
mailing list