Shibboleth SP not able to get eppn value from Duo SSO

Cathy Scott cathystill at gmail.com
Fri Jan 21 23:36:58 UTC 2022 

And thank you for the information.

On Fri, Jan 21, 2022 at 3:35 PM Cathy Scott <cathystill at gmail.com> wrote:

> Yes, Duo SSO is the IdP.
>
> On Fri, Jan 21, 2022 at 3:06 PM IAM David Bantz <dabantz at alaska.edu>
> wrote:
>
>> At the risk of muddying the waters, I think Scott is appropriately
>> referring to Shibboleth IdP's very extensive ability to manipulate
>> directory attributes into SAML attributes. Cathy Scott appears to be asking
>> about SAML attribute configuration in Duo’s SSO IdP to deliver a SAML
>> attribute of un-scoped username. The documentation for Duo SSO IdP (
>> https://duo.com/docs/sso) suggests only a simple mapping of claim name
>> to directory attribute. That might be enough if your directory contains an
>> un-scoped version of username (perhaps in cn or another attribute).
>>
>> On 21Jan2022 at 13:38:57, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>>
>>> On 1/21/22, 5:23 PM, "users on behalf of Cathy Scott" <
>>> users-bounces at shibboleth.net on behalf of cathystill at gmail.com> wrote:
>>>
>>>    Apologies for the imprecise wording. I'm attempting to get a unique
>>> value that aligns with the "username"
>>>
>>> field values in the application. The username value is the part before
>>> the @ of userPrincipalName. Duo SSO
>>>
>>> has preconfigured attributes email address, username, firstname,
>>> lastname and display name. And no way to
>>>
>>> do a transform (as in ADFS). Can you offer a suggestion on how to
>>> achieve this?
>>>
>>>
>>> The documentation covers how to map anything you want into the system
>>> and how to do some degree of transforms, assuming that gets you to a
>>> correct value. If you're not getting a matching value in any of the
>>> possible inputs, there's not much the SP can do about it.
>>>
>>> -- Scott
>>>
>>>
>>> --
>>> For Consortium Member technical support, see
>>> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
>>> To unsubscribe from this list send an email to
>>> users-unsubscribe at shibboleth.net
>>>
>> --
>> For Consortium Member technical support, see
>> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220121/78588f32/attachment.htm>

More information about the users mailing list