04-24-2017 05:52 PM
Hi experts,
I'm currently having a problem when enabling SAML authentication with Azure on the Sponsor Portal.
The issue is that the employee is not able to see his sponsor pending accounts.
After debugging, I found that the attribute that we are using is: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name. However, this claim is returning the email in the following format: John.Smith@company.com. If the guest goes to the self-registration portal and types the email in the same format as above (matching the uppercase letters), the sponsor account is able to see the pending account. However, if the guest types the email in lower case format, it doesn't work.
I've tried other claims, but from the logs there's no response from those attributes:
"claims used"
2017-04-24 16:47:16,186 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn>
2017-04-24 16:47:16,186 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name>
2017-04-24 16:47:16,186 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://docs.oasis-open.org/imi/ns/token/saml2/200908/emailaddress>
2017-04-24 16:47:16,186 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress>
2017-04-24 16:47:16,186 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/windowsaccountname>
"result"
2017-04-24 16:47:16,187 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.emailaddress>, not recieved in response, caching with default value=<>
2017-04-24 16:47:16,187 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.email>, not recieved in response, caching with default value=<>
2017-04-24 16:47:16,187 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.upn>, not recieved in response, caching with default value=<>
2017-04-24 16:47:16,187 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.windowsaccountname>, not recieved in response, caching with default value=<>
2017-04-24 16:47:16,187 DEBUG [http-bio-10.156.92.142-8443-exec-11][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [storeAttributesSessionData] idStore=<Azure> userName=John.Smith@company.com>
Any ideas of any other claims I can use? Or how to change the email format?
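Added example, not part of the original post and not Cisco code: a small Python triage script for debug output like that quoted above. It lists the claims the IdP did not send, extracts the stored userName, and classifies whether an address typed by a guest differs from it only by case. The sample log is constructed in the thread's format, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the ISE debug lines quoted in the post.
SAMPLE_LOG = """\
2017-04-24 16:47:16,187 DEBUG [exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.emailaddress>, not recieved in response, caching with default value=<>
2017-04-24 16:47:16,187 DEBUG [exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.upn>, not recieved in response, caching with default value=<>
2017-04-24 16:47:16,187 DEBUG [exec-11][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [storeAttributesSessionData] idStore=<Azure> userName=John.Smith@company.com>
"""

# "recieved" is spelled the way the log emits it.
MISSING_RE = re.compile(r"attributeName=<([^>]+)>, not recieved in response")
# The "<" before the user name is optional: it is absent in the quoted log.
STORED_RE = re.compile(r"idStore=<([^>]+)> userName=<?([^>\s]+)>")


def parse_saml_debug(log):
    """Return the attributes the IdP did not send and the stored identity."""
    result = {"missing": [], "id_store": None, "user": None}
    for line in log.splitlines():
        m = MISSING_RE.search(line)
        if m:
            result["missing"].append(m.group(1))
            continue
        m = STORED_RE.search(line)
        if m:
            result["id_store"], result["user"] = m.groups()
    return result


def match_kind(asserted, typed):
    """Classify how the asserted identity compares with what a guest typed."""
    a, t = asserted.strip(), typed.strip()
    if a == t:
        return "exact"
    if a.casefold() == t.casefold():
        return "case-only"  # the mismatch described in the post
    return "different"


if __name__ == "__main__":
    info = parse_saml_debug(SAMPLE_LOG)
    print("not received:", info["missing"])
    for typed in ("John.Smith@company.com", "john.smith@company.com"):
        print(typed, "->", match_kind(info["user"], typed))
```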
04-24-2017 06:01 PM
Is Patch 2 or above applied? This seems the same as CSCvb14848.