on 09-15-2017 6:10 PM
Hi, I want to connect my Cloud Applications With My Corporate User Store (Active Directory).
I've already tried this blog below:
I've done all the steps, but it doesn't work for me.
Thank you!
Hi,
Our issue is because of the new host us3 (Sterling).
Thank you!
Hi Arlei,
Check this blog post. The following might also help if you are still facing any issues:
The field “User ID Source” as “Subject” at the IdP maintenance screen means SCP will try to retrieve the User ID information from the Subject Assertion contained on the SAML v2.0 during authentication. In order to have the authentication go through correctly, your IdP MUST provide an XML tag with name = “NameID” inside the “Subject” tag. This is default behavior for Subject and cannot be changed or customized on SCP (as far as I know). If you do not use the Subject and NameID information on the SAML Assertion, you may use the Custom Attribute Name, as long as your user's ID is contained within (i.e.: email address). The rule is that NameID or whatever attribute you use *uniquely* identifies all users on SCP.
Another prerequisite most people forget is that you must have your IdP exposed on the internet. That is, your user base MUST have access to your IdP via the internet. It doesn't matter if you have Cloud Connector in place, because part of the communication will take place between browser and IdP anyway. In other words, SCP will delegate the authentication to a 3rd party system and only after it takes place will it check if it is a trusted principal or not. If your IdP isn't exposed, then your users will not be able to reach the authentication service (be it FORM authentication or SSO).
Try troubleshooting the issue using Firefox with an extension called SAML tracer. Once you have this extension, inspect the XML assertion during the authentication and check that the requirements above are met correctly.
Try using the Network Tracing via Developer Tools on the browser to inspect if you have all requests being executed correctly and users actually have access to the resources. The console screen might also be used to inspect any JavaScript errors if you are experiencing any issues with FORM authentication using UI5 or other JS Framework.
If everything else fails, try posting error messages or other relevant information you find - otherwise it is too difficult for us to assist you.
Regards,
Ivan
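The check described in the reply above (is there a `NameID` inside `Subject`, or a single value in the chosen custom attribute?) can be run offline against a captured response. This is an added example, not part of the original post and not SAP code; the function names, the attribute name `mail` and the sample response are assumptions constructed for illustration, and the input is taken to be the base64 `SAMLResponse` form parameter of the HTTP POST binding.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_user_id(response_b64, source="Subject", attribute_name=None):
    """Return (user_id, problems) for a base64 SAMLResponse copied from a trace.

    Troubleshooting aid only: it does not verify the signature or conditions.
    """
    xml_bytes = base64.b64decode(response_b64)
    # Refuse DTDs so entity-expansion tricks never reach the XML parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return None, ["response carries a DTD; refusing to parse it"]
    root = ET.fromstring(xml_bytes)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return None, ["no plain Assertion found (encrypted or error response)"]
    if source == "Subject":
        label = "Subject/NameID"
        nodes = assertion.findall("saml:Subject/saml:NameID", NS)
    else:
        label = "Attribute %r" % attribute_name
        nodes = [v for a in assertion.iter("{%s}Attribute" % NS["saml"])
                 if a.get("Name") == attribute_name
                 for v in a.findall("saml:AttributeValue", NS)]
    values = [n.text.strip() for n in nodes if n.text and n.text.strip()]
    if not values:
        return None, [label + " is missing or empty"]
    if len(values) > 1:  # several values cannot identify exactly one user
        return None, [label + " has %d values" % len(values)]
    return values[0], []

def sample_response(with_name_id=True):
    """Constructed, unsigned SAMLResponse for demonstration (not a real capture)."""
    name_id = "<saml:NameID>P000001</saml:NameID>" if with_name_id else ""
    xml = ('<samlp:Response xmlns:samlp="{samlp}" xmlns:saml="{saml}">'
           "<saml:Assertion><saml:Subject>{nid}</saml:Subject>"
           '<saml:AttributeStatement><saml:Attribute Name="mail">'
           "<saml:AttributeValue>jdoe@example.com</saml:AttributeValue>"
           "</saml:Attribute></saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>").format(nid=name_id, **NS)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_user_id(sample_response(True)))                      # Subject present
    print(check_user_id(sample_response(False)))                     # Subject has no NameID
    print(check_user_id(sample_response(False), "Attribute", "mail"))  # custom attribute
```

A "missing or empty" result for the configured source matches the failure described above: the IdP is not sending the identifier where the service provider is set to look for it.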
You mean you need to have a hybrid solution in which User IDs from your customers are maintained separately from your Workers that have access to applications via AD IdP?
In such a case, there are still valid options:
Regards,
Ivan