SAML_IDP_X509_CERT: (x509 public certificate of the Identity Provider)

From 2024_11

SAML_USERCODE_CLAIM_NAME (Optional): A custom claim name to match against a user’s Usercode

SAML_EMAIL_CLAIM_NAME (Optional): A custom claim name to match against a user’s Email

Claim Defaulting and Hierarchy (From 2024_11)

If the usercode claim name is defined, or the default (see below) manages to extract a value from the SAML response, then the Email claim will be ignored even if provided.

The defaulting behaviour of these claims is as follows:

Usercode:

  • If defined, the custom value will be used. Should it fail to retrieve a value, or should the retrieved value not match a Dashboard User’s Usercode, login will fail

  • Our namespaced default claim of “https://www.panintelligence.com/claims/usercode” will be attempted. If it fails to return a value or match a Dashboard User, login will fail

Email:

  • If defined, the custom value will be used. Should it fail to retrieve a value, or should the retrieved value not match a Dashboard User’s Email, login will fail

  • Our namespaced default claim of “/wiki/spaces/DEV/pages/1582238068 will be attempted. If it fails to return a value the final fallback will be attempted

  • The final fallback for Email is the ‘XMLSoap’ claim that was previously the only claim used. If this fails to retrieve a value or match a Dashboard User’s Email then login will fail
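The hierarchy above, as an added Python sketch that is not Panintelligence's own code. It assumes the claims arrive as a name-to-values mapping from an assertion whose signature has already been validated, reads the hierarchy as "email is consulted only when no custom usercode claim is defined and the default usercode claim yields no value", uses a placeholder for the default email claim name (not given on this page), and assumes the 'XMLSoap' claim is the standard emailaddress URI; `resolve_user`, `match`, `first_value` and `USERS` are hypothetical names.

```python
# Added illustration of the claim hierarchy; not Panintelligence code.
USERCODE_DEFAULT = "https://www.panintelligence.com/claims/usercode"  # from the page
EMAIL_DEFAULT = "PLACEHOLDER-default-email-claim"  # placeholder: name not given on the page
# Assumption: the 'XMLSoap' claim is the standard emailaddress claim URI.
XMLSOAP_EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample Dashboard users.
USERS = [
    {"usercode": "jsmith", "email": "j.smith@example.com"},
    {"usercode": "adoe", "email": "a.doe@example.com"},
]


class LoginFailed(Exception):
    """Raised whenever the hierarchy says login must fail."""


def first_value(attrs, name):
    """Return the first non-blank value of a claim, or None."""
    for value in attrs.get(name, []):
        if value and value.strip():
            return value.strip()
    return None


def match(users, field, value):
    """Fail closed on a missing value or no matching user."""
    if value is None:
        raise LoginFailed(f"no value for {field} claim")
    for user in users:
        if user[field] == value:
            return user, field
    raise LoginFailed(f"{field} claim did not match a user")


def resolve_user(attrs, users, usercode_claim=None, email_claim=None):
    """attrs: {claim name: [values]} from a signature-validated assertion."""
    # A defined custom usercode claim is authoritative: no fallback to email.
    if usercode_claim:
        return match(users, "usercode", first_value(attrs, usercode_claim))
    value = first_value(attrs, USERCODE_DEFAULT)
    if value is not None:  # default usercode extracted: email is ignored
        return match(users, "usercode", value)
    # Email: custom name if defined, else default, else the XMLSoap fallback.
    if email_claim:
        return match(users, "email", first_value(attrs, email_claim))
    value = first_value(attrs, EMAIL_DEFAULT) or first_value(attrs, XMLSOAP_EMAIL)
    return match(users, "email", value)
```

Under this reading, an identity provider that sends both a usercode and an email is matched on usercode only, so a valid email cannot rescue a login whose usercode does not match.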

Auto login

Auto login to the dashboard via SAML can be achieved by using the /auth/startSaml URL. If the variable SAML_LOGIN_SCREEN_BYPASS exists and is set to true, the login screen will be bypassed by default. If direct access to the login screen is needed, it can be reached via the /login URL.