User attributes from SAML

Idea created by Thomas Indelli on May 25, 2016
    Under Consideration

    (Originally posted on 30 March 2015)

    We've just begun our implementation of Samanage (moving from a locally-hosted solution), and are working to use our existing SSO implementation (Shibboleth, specifically).  Unfortunately, the SAML integration only accepts the e-mail address for the current user.  SAML assertions have the ability to include attributes, and in this case we can pass attributes from LDAP which we would like to use to populate values in the user record within Samanage.

    The official recommendation was to use OneLogin to manage these things, but we don't want to implement another SSO solution for our users to deal with, nor do we want to run a system to sync our AD/LDAP information to OneLogin when we already have an SSO implementation (not to mention that central IT does not want us to replicate the LDAP information and instead all but requires us to use existing systems).

    We'd love to be able to provide information about the user during AuthN time instead of doing a separate sync.
    What problem will this feature solve?:
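
An added example, not part of the original post and not Samanage's or Shibboleth's code: one way a service provider could populate user-record fields from the `AttributeStatement` of a SAML assertion at login, using an allowlist so that only expected LDAP attributes are accepted. The field names, the mapping and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical allowlist: LDAP attribute OID -> user-record field (field names assumed).
ATTRIBUTE_MAP = {
    "urn:oid:2.5.4.42": "first_name",   # givenName
    "urn:oid:2.5.4.4": "last_name",     # sn
    "urn:oid:2.5.4.11": "department",   # ou
    "urn:oid:2.5.4.20": "phone",        # telephoneNumber
}
MAX_VALUE_LEN = 255

# Constructed, trimmed sample (signature, conditions and IDs omitted for brevity).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>jdoe@example.edu</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.4"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.11"><saml:AttributeValue> Physics </saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.20"><saml:AttributeValue>555-0100</saml:AttributeValue><saml:AttributeValue>555-0101</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="role"><saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def user_fields_from_assertion(assertion_xml):
    """Return allowlisted user fields from an assertion.

    Assumes the caller already verified the signature, audience and validity
    window, and passes the exact Assertion element that the signature covers.
    """
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(assertion_xml)
    fields = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        field = ATTRIBUTE_MAP.get(attr.get("Name"))
        if field is None:
            continue  # unmapped names (such as "role") never reach the record
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        # Skip empty, multi-valued or oversized input instead of guessing.
        if len(values) == 1 and len(values[0]) <= MAX_VALUE_LEN:
            fields[field] = values[0]
    return fields


if __name__ == "__main__":
    print(user_fields_from_assertion(SAMPLE_ASSERTION))
```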