Modify a Single Sign On Claim Using Static Text with a Formatted String
Your want to modify an attribute to create a customized claim for use with Single Sign-On
Use a 'Formatted String' to add static text to attributes that will be pulled from a User Repository.
Important Note: The 'Formatted String' option is only available for LDAP-Based user repositories
Navigate to the Identity Claims tab.
Click on the 'Create' button to create a new claim
Define a name for this claim in the 'Name' field.
- Navigate to the PortalGuard server and open the Identity Provider Configuration Editor.
- Navigate to the SAML Websites tab and edit the Relying Party that needs a claim for Group information.
The 'Schema Type' corresponds to the attribute 'Name' value that the SP is looking for.
- This value will only be used as a reference point in the Identity Provider Configuration Editor and is NOT sent alongside the Claim during SSO.
The 'Value Type' will be set to 'Formatted String'.
Under the Formatted sub-tab, input the structure the claim should follow.
- Oftentimes, the SP will require the claim to be sent with an attribute 'Name' formatted with 'urn...'
- If you are unsure, click the 'Pre-defined Types' button and choose an option from the dropdown.
Your final result should resemble the following:
Save the new claim.
Save the Relying Party Configuration.
From the main screen of the Identity Provider Configuration Editor, click the 'Apply to Identity Provider' button.
Click the 'Sync' button.
- For this example, we will be sending the sAMAccountName from AD with a static 'scope'. This claim will resemble an email address, but will not actually match the user's email address (otherwise, we would use a standard claim to send the 'mail' attribute).
- This example is useful when claims need to be scoped for a Service Provide, but the 'Formatted String' can be used to configure many different variations on standard claims as needed.
- All attributes to be pulled from LDAP should be encased in square brackets (i.e. [sAMAccountNAme]).
- If the LDAP Field is multi-valued, only the initial value will be used.
REV. 09/2018 | PortalGuard