Menu
▾
▴
Re: [Unity-idm-discuss] Authentication fails
|
From: Krzysztof B. <go...@ic...> - 2015-06-30 15:26:32
|
W dniu 30.06.2015 o 16:52, Gerben Venekamp pisze: > Thanks Krzysztof! I am getting a lot further now. I see the SAML > attributes in the loggin now. What seems to be failing is mapping from > the identy in the SAML assertion to an identity Uniy understands. If I > understand correctly, I could take > urn:mace:dir:attribute-def:eduPersonPrincipalName: > [be...@ha... <mailto:be...@ha...>] and > map that to a user within Unity? Yes of course. You need to properly setup your input translation profile (AdminUI -> Server management -> Translation Profiles) In the profile you have to map what you get from your IdP to Unity representation in the way you want. The only mandatory step is to map something to Unity identity (of any type you wish). Relevant docs: http://unity-idm.eu/documentation/unity-1.6.0/manual.html#_remote_authentication http://unity-idm.eu/documentation/unity-1.6.0/manual.html#translation You may find translation profile wizard useful - you can perform a "test" authN and then use what Unity get from the IdP as template to assemble your profile. Best, Krzysztof |
