Bomgar/BeyondTrust relying party?

Paul Engle pengle at rice.edu
Mon Oct 17 14:10:05 UTC 2022


We're also not doing anything special for Bomgar with our standard
persistent NameID. The only gotcha I ever recall encountering was when we
were accidentally releasing duplicate attributes with different names but
the same friendlyName. Bomgar really didn't like that. No one else seemed
to have a problem with it. Nevertheless, I fixed it so the duplicate
attributes weren't being released, and it started to work again.

-- 
Paul Engle
IAM Architect
Identity & Access Management
pengle at rice.edu 713-348-4702


On Fri, Oct 14, 2022 at 8:38 AM Herron, Joel D <herronj at uww.edu> wrote:

> We are allowing their release of the persistent nameID which is just our
> standard persistent ID (a sha1 hash of a salted UUID). As well I’m
> releasing:
> uid, displayName, mail and groupMembership (for authorization in BT)
>
> I’m doing nothing special in relying party or in their metadata, was a
> really easy setup from what I recall.
>
> Hope that helps,
>
> --Joel
>
> *From: *users <users-bounces at shibboleth.net> on behalf of IAM David Bantz
> via users <users at shibboleth.net>
> *Date: *Thursday, October 13, 2022 at 2:40 PM
> *To: *Shib Users <users at shibboleth.net>
> *Cc: *IAM David Bantz <dabantz at alaska.edu>
> *Subject: *Bomgar/BeyondTrust relying party?
>
> Have you successfully configured Bomgar (BeyondTrust) for SSO via your
> Shibb IdP?
>
> Bomgar (BeyondTrust) has a GUI for SAML SSO integration that is mostly
> clear and straightforward, but seemingly appropriate SAML assertions
> trigger “Authentication Failed” message at the service (with no further
> details).
>
> Incoming SAML request specifies a nameid-format:persistent (not mentioned
> in the GUI) so I configured release of nameID based on uid (unscoped
> username) and ePPN (same username, @alaska.edu) with the requested
> format. Neither alternative produced anything further than
> “Authentication Failed” at the service.
>
> Support has so far been less than useless. Perhaps you know an additional
> unmentioned requirement or trick?
>
>
>
> David St Pierre Bantz
>
> U Alaska IAM
>
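The gotcha from the reply at the top of this thread (attributes released under different names but with the same friendlyName), as an added example that is not part of the original messages: a check an IdP operator can run over a decrypted assertion captured from the IdP log or a SAML tracer. The sample assertion, its values and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: "mail" is released under two Name URIs that share
# FriendlyName="mail" (user and domain are made up).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" FriendlyName="uid">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
      <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:mace:dir:attribute-def:mail" FriendlyName="mail">
      <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def friendly_name_collisions(assertion_xml):
    """Return {FriendlyName: [Name, ...]} for every FriendlyName that is
    attached to more than one distinct Name in the assertion."""
    # Input is assumed to be the operator's own IdP output; use a hardened
    # parser such as defusedxml if the XML comes from anywhere else.
    root = ET.fromstring(assertion_xml)
    names_by_friendly = defaultdict(set)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        friendly = attr.get("FriendlyName")
        if friendly:  # FriendlyName is optional in SAML 2.0
            names_by_friendly[friendly].add(attr.get("Name"))
    return {f: sorted(n) for f, n in names_by_friendly.items() if len(n) > 1}


if __name__ == "__main__":
    for friendly, names in friendly_name_collisions(SAMPLE_ASSERTION).items():
        print(f"FriendlyName {friendly!r} is released under: {', '.join(names)}")
```
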