...
Below is an example of Active Directory attribute/Outgoing Claim Type mappings that can be used for logging into Chemwatch via SSO:
...
IMPORTANT NOTES:
If you set your IDP as above, then inside our application: your SAM-Account-Name will get mapped to our User Login, your E-Mail-Adresses will get mapped to our Email and your Display-Name will get mapped to our Person Name.
Important point here to remember is that, your Outgoing Claim Types must have at least Name ID - this gets mapped to our User Login and E-Mail Address - this gets mapped to our Email. The 3rd one should be Given name - this gets mapped to our Person Name.
In absence of the 2nd and the 3rd Outgoing Claims, Name ID gets mapped to both of Person Name and User Login at our end. But Email at our end will be left blank.
In absence of the 3rd Outgoing Claim, Name ID gets mapped to both Person Name and User Login at our end.
Name ID is what uniquely identifies the SSO user in the system.
Sending the Outgoing Claim Name ID is required.
You choose what your LDAP Attributes you want to map against those Outgoing Claim Types.
The metadata.xml from the Chemwatch side that will be used to configure your IDP looks like the following:
...