  1. Alfresco One Platform
  2. ACE-2758

Email field used as user id when doing SSO with SAML should be configurable.



      I have tried to configure SSO with SAML and Alfresco cloud working with a public IDP http://www.ssocircle.com

      But I encountered a problem because, after authentication on the IDP, Alfresco received back in the assertion the email address used as user id in our cloud, but the attribute returned by ssocircle is “emailaddress”, not “email” as expected by Alfresco. Therefore authentication was failing.

      See: SAMLAssertionConsumerImpl.java,
      line 83: String email = attributes.get(AlfrescoSAMLAttributes.Email.toString().toLowerCase());

      If I replace line 83 with:
      String email = attributes.get("emailaddress");

      then it works fine!

      Note: While configuring the IDP and adding Alfresco as a new service provider, I checked the checkbox asking to include “email” in the assertion.

      As a guide to the configuration, I have used this video: https://www.youtube.com/watch?v=bk-gCYfNVT8

      The application used in the video is not Alfresco, but if you look around minute “5:22” in the video, there is a sequence where a mapping of NameIDFormat is done. The mapping seems to specify the attribute name expected from the IDP and how it will be mapped to a DB field. I can't find anything equivalent in Alfresco.

      Should that type of mapping be added to Alfresco in order to be able to integrate with more IDPs?
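
One way the requested mapping could look, as an added example that is not part of the original report and is not Alfresco code: the attribute name carrying the user id is read from configuration and the lookup fails closed when the assertion lacks it or carries it ambiguously. The class name, the property key `saml.sp.userIdAttribute` and the sample assertion attributes are hypothetical, and case-insensitive matching of attribute names is an assumption.

```java
import java.util.*;

/** Added illustration; not Alfresco code. Class and property names are hypothetical. */
public class ConfigurableUserIdAttribute {

    // Hypothetical property key; the report names no such setting.
    static final String PROP = "saml.sp.userIdAttribute";

    /** Returns the user id from the configured assertion attribute, or throws (fail closed). */
    static String resolveUserId(Properties config, Map<String, String> attributes) {
        // Default keeps the behaviour described in the report: "email" is expected.
        String wanted = config.getProperty(PROP, "email").trim().toLowerCase(Locale.ROOT);
        if (wanted.isEmpty()) throw new IllegalStateException(PROP + " is empty");

        boolean found = false;
        String value = null;
        for (Map.Entry<String, String> e : attributes.entrySet()) {
            String name = e.getKey() == null ? "" : e.getKey().trim().toLowerCase(Locale.ROOT);
            if (!name.equals(wanted)) continue;
            // Two attributes differing only by case would make the identity ambiguous.
            if (found) throw new SecurityException("Duplicate attribute: " + wanted);
            found = true;
            value = e.getValue();
        }
        // No fallback to other attributes: a missing or blank value rejects the login.
        if (value == null || value.trim().isEmpty())
            throw new SecurityException("Assertion lacks attribute '" + wanted
                    + "'; received " + attributes.keySet());
        return value.trim();
    }

    public static void main(String[] args) {
        // Constructed sample: the attribute name the report says the IdP returned.
        Map<String, String> fromIdp = new HashMap<>();
        fromIdp.put("emailaddress", "user@example.com");

        Properties cfg = new Properties();
        try {
            resolveUserId(cfg, fromIdp);          // default "email": no match, rejected
        } catch (SecurityException ex) {
            System.out.println("default mapping: " + ex.getMessage());
        }
        cfg.setProperty(PROP, "emailaddress");    // administrator maps the IdP's name
        System.out.println("configured mapping: " + resolveUserId(cfg, fromIdp));
    }
}
```

The rejection message lists only the attribute names received, not their values, which is enough to spot a naming mismatch like the one in this report from the logs.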


                • Assignee:
                  resplin Richard Esplin [X] (Inactive)
                  pdubois Philippe Dubois [X] (Inactive)