dmthames | 2019-02-05 16:51:15 UTC | #1
Hello,
We are attempting an SSO integration using Ping Federate back to our org. Having issues with the email in the SAML subject... is there another field we can use to pass that attribute?
Typically we can see the value of the SAML subject, but PureCloud is requesting a transient nameid-format, which appears to be encrypting the SAML subject.
Here's a snip of what we're sending over to purecloud:
<saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="REMOVED" SPNameQualifier="mypurecloud.com/prod">REMOVED</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://login.mypurecloud.com/saml" NotOnOrAfter="2019-02-05T16:43:29.627Z" InResponseTo="RoM2nHkObfhQhQD8HHpBZmhEjKgFHj-i72MTvHXtyjU" />
  </saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2019-02-05T16:33:29.627Z" NotOnOrAfter="2019-02-05T16:43:29.627Z">
  <saml:AudienceRestriction>
    <saml:Audience>mypurecloud.com/prod</saml:Audience>
  </saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement SessionIndex="T9fnuOYHok5XPVnX6Yx6ovv3dZd" AuthnInstant="2019-02-05T16:12:24.805Z">
  <saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
  </saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
  <saml:Attribute Name="OrganizationName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">REMOVED</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">REMOVED</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
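An added troubleshooting example, not part of the original post and not Genesys or Ping Identity code: it reads an assertion shaped like the fragment above and reports the NameID format, the `email` attribute, and whether the audience, recipient and validity window match what the service provider expects. The sample assertion, `inspect_assertion` and all values in it are constructed for illustration; signature verification is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample modelled on the fragment in the post; every value is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_opaque-handle-123</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="https://login.mypurecloud.com/saml"
       NotOnOrAfter="2019-02-05T16:43:29.627Z"/>
  </saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions NotBefore="2019-02-05T16:33:29.627Z" NotOnOrAfter="2019-02-05T16:43:29.627Z">
  <saml:AudienceRestriction><saml:Audience>mypurecloud.com/prod</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    """Parse the UTC timestamp form used in the assertion (millisecond precision, 'Z' suffix)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def inspect_assertion(xml_text, now, audience, recipient):
    """Summarise the fields to compare against the SP configuration when SSO fails."""
    # Constructed input only: untrusted XML needs a hardened parser and a verified signature first.
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    cond = root.find("saml:Conditions", NS)
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    return {
        "nameid_format": name_id.get("Format"),
        "nameid_is_transient": name_id.get("Format") == TRANSIENT,
        "nameid_looks_like_email": "@" in (name_id.text or ""),
        "email_attribute": attrs.get("email", [None])[0],
        "audience_ok": audience in audiences,
        "recipient_ok": scd.get("Recipient") == recipient,
        "within_validity": _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")),
    }
```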
dmthames | 2019-02-08 17:28:35 UTC | #2
Hello All, As an update, the issue here appears to be that Ping Federate is not GA as a supported auth method. My internal authorization technical resource is working with Genesys on making modifications to accommodate Ping Federate. I'll update when the issue is resolved. Thanks Dean.
Jari_Riihimaki | 2019-03-06 08:17:50 UTC | #3
@dmthames, have you found details on how Ping Federate might be used?
Any information on whether it's on the roadmap to add Ping Federate as a supported auth method?
Best Regards, Jari
Jack_Nichols | 2019-03-06 18:15:32 UTC | #4
@john do you have any thoughts on the question above?
Jari_Riihimaki | 2019-03-08 08:17:33 UTC | #5
There seems to be a lot of interest in supporting different IdPs. Here is, for example, an idea for generic and configurable SAML2 support: https://purecloud.ideas.aha.io/ideas/CLPLA-I-669
There is also an idea to support PingFederate as IdP: https://purecloud.ideas.aha.io/ideas/CLPLA-I-678
and other ideas for other IdPs:
(HDE One) https://purecloud.ideas.aha.io/ideas/CLINT-I-35
(AD Self Service Plus) https://purecloud.ideas.aha.io/ideas/CLANA-I-249
(CA Sign-On) https://purecloud.ideas.aha.io/ideas/CLPLA-I-124
(SailPoint) https://purecloud.ideas.aha.io/ideas/CLPLA-I-27
system | 2019-04-08 08:17:36 UTC | #6
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 4514