will.good Posted March 29, 2022 Share Posted March 29, 2022 Hi, Feature Request: The ability to compare against TWO claims in the SSO. Now, it is possible to configure another SAML Claim field (than NameID) to be compared against the logon ID. We would like it to be configurable such that a second Claim can be checked if the first (NameID) check fails. Link to comment Share on other sites More sharing options...
Gerry Posted March 30, 2022 Share Posted March 30, 2022 @will.good Looking at this, its not something we will be able to do without a lot of re-structuring of how the SSO implementation works. Its not just a case of checking another entity, in order to get the SAML assertion in order to check the NameID / LoginID that means we would have to try all of the configured SSO profiles one at a time, and that would be entirely implemented and orchestrated by the front end code redirecting back and forth between the IDPs and our service. This is not at all recommend or supported by the standard, it would be bad practice to "just try them all" and it would create a terrible UI experience for the users trying to log in too, and given the amount of work required to even try to make this work, and the very high risk of introducing defects, this is not something we can implement I am afraid. Thanks Gerry Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now