Dual Claim SSO


will.good

Hi,

Feature Request:
The ability to compare against TWO claims in the SSO.
Now, it is possible to configure a SAML Claim field other than NameID to be compared against the logon ID.
We would like it to be configurable such that a second Claim can be checked if the first (NameID) check fails.


@will.good

Looking at this, it's not something we will be able to do without a lot of re-structuring of how the SSO implementation works. It's not just a case of checking another entity; in order to get the SAML assertion in order to check the NameID / LoginID, that means we would have to try all of the configured SSO profiles one at a time, and that would be entirely implemented and orchestrated by the front end code redirecting back and forth between the IDPs and our service. This is not at all recommended or supported by the standard, it would be bad practice to "just try them all" and it would create a terrible UI experience for the users trying to log in too, and given the amount of work required to even try to make this work, and the very high risk of introducing defects, this is not something we can implement I am afraid.

Thanks

Gerry
