Versions Compared

Old Version 10

changes.mady.by.user Ridwan

Saved on

compared with

New Version 11

changes.mady.by.user Tamer Bozkurt (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/>

The Chemwatch system will use the Name claim as a first preference during SSO login, and will populate the User Login and Person Name fields (during self-registration on first user login) on the Chemwatch user record if this claim is available. This is not dependant on the order in which the Name claim is sent. The Name ID claim is the secondary claim preference for the Chemwatch system. If the Name claim is not available, then the Name ID claim will be used to populate the User Login and Person Name fields on the Chemwatch user record.

One of either Name or Name ID claims must be made in order to successfully log in to Chemwatch via SSO. The E-mail Address claim will be used to populate the Email field of the Chemwatch user record if available.

Image Added

Below is an example of Active Directory attribute/Outgoing Claim Type mappings that can be used for logging into Chemwatch via SSO:

...

The metadata.xml from the Chemwatch side that will be used to configure your IDP looks like the following:

...