Freshdesk SSO

emmar emmar at ecboces.org
Sat Apr 13 09:15:27 EDT 2019


I have been trying to set up SSO with Freshdesk for a week now!!

Freshdesk requests a SAML1.1 emailAddress name format.
I already have a custom nameId referencing the email attribute working with
Zoom SSO.  So, I thought it would be better to use the same custom nameId
because I thought I read somewhere that you should not reference the same
attribute with two different resolvers.  (Please correct me if I am wrong)

So, I have added this to the attribute resolver:
        <resolver:AttributeDefinition id="zoomLogin" xsi:type="Simple"
                              xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              sourceAttributeID="mail">

        <resolver:Dependency ref="siteLDAP"/>
        <resolver:AttributeEncoder xsi:type="SAML2StringNameID"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:email" />
        <resolver:AttributeEncoder
                xsi:type="enc:SAML2StringNameID"
                xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />

I have uncommented this in the saml-nameid.xml and pointed it to my custom
nameid:

   <bean parent="shibboleth.SAML1AttributeSourcedGenerator"
            p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
            p:attributeSourceIds="#{ {'zoomLogin'} }" />

I have uncommented the following two lines in saml-nameid.properties:
# Comment out to disable legacy NameID generation via Attribute Resolver
idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator

Somewhere along the way, I added this to relying-party.xml:
                    <bean parent="SAML2.SSO"
                         p:includeAttributeStatement="$profileConfig.includeAttributeStatement"
                         p:assertionLifetime="$profileConfig.assertionLifetime"
                         p:nameIDFormatPrecedence="urn:oasis:names:tc:SAML:2.0:nameid-format:email"
                        #if ($profileConfig.signResponses == 'conditional')
                          p:signResponses-ref="SignNoIntegrity"

I continue to get the following error:
No generators installed for Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Would greatly appreciate some help!

--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
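Added example, not part of the original post: a small check of which NameID generator list in a saml-nameid.xml declares a given format, since the SAML 1.1 and SAML 2.0 generator lists are configured separately. The inline XML is a constructed sample, not the poster's file; the list ids are assumed to follow the stock file layout, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "b": "http://www.springframework.org/schema/beans",
    "util": "http://www.springframework.org/schema/util",
    "p": "http://www.springframework.org/schema/p",
}
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: the attribute-sourced bean is enabled only in the SAML 1 list.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p">
  <util:list id="shibboleth.SAML2NameIDGenerators">
    <ref bean="shibboleth.SAML2TransientGenerator" />
    <!-- attribute-sourced SAML 2 generator left commented out -->
  </util:list>
  <util:list id="shibboleth.SAML1NameIdentifierGenerators">
    <ref bean="shibboleth.SAML1TransientGenerator" />
    <bean parent="shibboleth.SAML1AttributeSourcedGenerator"
          p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
          p:attributeSourceIds="#{ {'zoomLogin'} }" />
  </util:list>
</beans>"""


def generators_by_list(xml_text):
    """Map each generator list id to the formats its inline beans declare."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    fmt_attr = "{%s}format" % NS["p"]
    result = {}
    for lst in root.findall("util:list", NS):
        beans = lst.findall("b:bean", NS)
        result[lst.get("id")] = {b.get(fmt_attr) for b in beans if b.get(fmt_attr)}
    return result


def lists_covering(xml_text, fmt):
    """Return the ids of the generator lists that declare the given format."""
    found = generators_by_list(xml_text)
    return sorted(list_id for list_id, fmts in found.items() if fmt in fmts)


if __name__ == "__main__":
    for list_id, fmts in generators_by_list(SAMPLE).items():
        print(list_id, "->", sorted(fmts) or "(no attribute-sourced formats)")
    print("lists declaring emailAddress:", lists_covering(SAMPLE, EMAIL))
```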