Shibboleth SP not able to get eppn value from Duo SSO

Cathy Scott cathystill at gmail.com
Fri Jan 21 23:35:29 UTC 2022 

Yes, Duo SSO is the IdP.

On Fri, Jan 21, 2022 at 3:06 PM IAM David Bantz <dabantz at alaska.edu> wrote:

> At the risk of muddying the waters, I think Scott is appropriately
> referring to Shibboleth IdP's very extensive ability to manipulate
> directory attributes into SAML attributes. Cathy Scott appears to be asking
> about SAML attribute configuration in Duo’s SSO IdP to deliver a SAML
> attribute of un-scoped username. The documentation for Duo SSO IdP (
> https://duo.com/docs/sso) suggests only a simple mapping of claim name to
> directory attribute. That might be enough if your directory contains an
> un-scoped version of username (perhaps in cn or another attribute).
>
> On 21Jan2022 at 13:38:57, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>
>> On 1/21/22, 5:23 PM, "users on behalf of Cathy Scott" <
>> users-bounces at shibboleth.net on behalf of cathystill at gmail.com> wrote:
>>
>>    Apologies for the imprecise wording. I'm attempting to get a unique
>> value that aligns with the "username"
>>
>> field values in the application. The username value is the part before
>> the @ of userPrincipalName. Duo SSO
>>
>> has preconfigured attributes email address, username, firstname, lastname
>> and display name. And no way to
>>
>> do a transform (as in ADFS). Can you offer a suggestion on how to achieve
>> this?
>>
>>
>> The documentation covers how to map anything you want into the system and
>> how to do some degree of transforms, assuming that gets you to a correct
>> value. If you're not getting a matching value in any of the possible
>> inputs, there's not much the SP can do about it.
>>
>> -- Scott
>>
>>
>> --
>> For Consortium Member technical support, see
>> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220121/568bb627/attachment.htm>

More information about the users mailing list