
Disambiguate user in SAML 2.0 Auth Scheme

Question asked by mario on May 21, 2013
Latest reply on Jun 26, 2013 by Manjari_Gangwar

Is there a way to have the SAML 2.0 Auth Scheme validate a user based on more than just the NameId (%s)?

There are 5 different attributes from a SAML assertion (nameID, entityId, orgId, dob, lName) that the SAML auth scheme would need to validate against an Oracle db. So… the issue is how do we stay out of developing a custom message consumer plugin and instead use the out-of-the-box functionality in SM (SAML/SQL query schemes and/or user directory) to do this?

Seems like a very basic issue but yet, the SM env does not seem to lend a clear path. All the examples refer to disambiguation based on just 1 value - the NameId (where User=%s - the bind var).

Any help would be greatly appreciated.
