/
SAManage

The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

SAManage

Owned by David Langenberg
Last updated: Apr 23, 2015Version comment

The general overview of the SAManage.com side is here: https://blog.samanage.com/company/saml-single-sign-on-support-samanage/

To configure Shibboleth to work with SAManage.com:

  • Configure your IdP to not encrypt assertions or nameIDs
  • Configure your IdP to release the user's email address as the NameID with a name format of
    urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
     

 

relying-party.xml

It is important to note here that you don't want encrypted assertions nor encrypted nameIDs

<RelyingParty id="SAManage.com" provider="urn:mace:incommon:uchicago.edu" defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
        defaultSigningCredentialRef="IdPCredential">
        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" encryptNameIds="never" />
</RelyingParty>

attribute-resolver.xml

<resolver:AttributeDefinition id="mailNameId" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
        <resolver:Dependency ref="email" />
    
        <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
    </resolver:AttributeDefinition>

Related content

Asana
Asana
Shibboleth 2
More like this
Google Apps for Education
Google Apps for Education
Shibboleth Knowledge Base
More like this
Using SAML Proxying to another IdP
Using SAML Proxying to another IdP
Shibboleth Knowledge Base
More like this
Home
Home
Identity Provider 3
More like this
Home
Home
Identity Provider 4
More like this
SAMLAuthnConfiguration
SAMLAuthnConfiguration
Identity Provider 4
More like this