Question Pro

[Lohr, Donald]

I have it configured as a "IdP Initiated" solution.

Now folks want SAML auth for individual surveys, which QP supports. Each 
survey has a unique QP url.

I'm looking for another Question Pro .edu customer to see how they did 
their configuration and how they handle individual survey SAML auth.

Thanks,
Don

On 6/9/20 2:16 PM, Peter Schober wrote:
> * Lohr, Donald <lohrda at jmu.edu> [2020-06-09 19:54]:
>> Anyone using this SP and have it configured against their Shibboleth 3x IdP?
> I note their docs at
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.questionpro.com_help_saml-2Dauthentication.html&d=DwICAg&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=Pa2DB88IW_s2TyLfktHtWA&m=jXaz3hNgk4MtEPljpqNtPakpDS_8WtoYtxy0ZSxBdts&s=WzwcKxf-Mq1_1ht7l11fojkQexeLliwyLyLyFxuwrZE&e=
> don't mention any of /their/ metadata (or entityID, endpoints or
> certificate separately). So it's unclear they support encryption, for
> example.
>
> Other than that it looks like the usual lowest-possible-support for
> SAML: Doesn't perform signature validation on remotely loaded metadata
> (making the "IDP metadata URL" method unsafe to use), requires custom
> attribute names, suggests/requires email address as unique user
> identifer in attribute "emailAddress" (NameFormat unkown, I'd use
> basic for correctness), etc.
>
> The part on how additional user data should be sent from
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.questionpro.com_help_survey-2Dauthentication-2Dsaml.html&d=DwICAg&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=Pa2DB88IW_s2TyLfktHtWA&m=jXaz3hNgk4MtEPljpqNtPakpDS_8WtoYtxy0ZSxBdts&s=X5Gkcl3OL2JL8FSL9Bgl9LtsIgPWEJIK66r3ysZFvyY&e=
> I don't understand:
>
>> All the attributes will be stored in the custom variables in a
>> sequential manner first attribute will go in custom1, second
>> attribute in custom2 and so on. [...]
> -peter

-- 
D o n a l d   L o h r
I n f o r m a t i o n   S y s t e m s
J a m e s   M a d i s o n   U n i v e r s i t y
5 4 0 . 5 6 8 . 3 7 3 0