Bomgar/BeyondTrust relying party?
Herron, Joel D
herronj at uww.edu
Fri Oct 14 13:37:34 UTC 2022
We are allowing their release of the persistent nameID which is just our standard persistent ID (a sha1 hash of a salted UUID). As well I’m releasing:
uid, displayName, mail and groupMembership (for authorization in BT)
I’m doing nothing special in relying party or in their metadata, was a really easy setup from what I recall.
Hope that helps,
From: users <users-bounces at shibboleth.net> on behalf of IAM David Bantz via users <users at shibboleth.net>
Date: Thursday, October 13, 2022 at 2:40 PM
To: Shib Users <users at shibboleth.net>
Cc: IAM David Bantz <dabantz at alaska.edu>
Subject: Bomgar/BeyondTrust relying party?
Have you successfully configured Bomgar (BeyondTrust) for SSO via your Shibb IdP?
Bomgar (BeyondTrust) has a GUI for SAML SSO integration that is mostly clear and straightforward,
but seemingly appropriate SAML assertions trigger an “Authentication Failed” message at the service
(with no further details).
Incoming SAML request specifies a nameid-format:persistent (not mentioned in the GUI) so
I configured release of nameID based on uid (unscoped username) and ePPN (same username, @alaska.edu)
with the requested format. Neither alternative produced anything further than “Authentication Failed” at the service.
Support has so far been less than useless. Perhaps you know an additional unmentioned requirement or trick?
David St Pierre Bantz
U Alaska IAM