Changes for page Single Sign-On (SSO) via SAML

Last modified by Mark Kohlmann on 2025/05/10 00:45

From 3.2 to 4.1

From version 1.1

edited by Mark Kohlmann
on 2025/05/09 18:24

Change comment: There is no comment for this version

To version 3.2

edited by Mark Kohlmann
on 2025/05/10 00:45

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -18,58 +18,15 @@
  ==== SAML IdP Claim Mapping: ====
  |=Function|=Attribute Name|=Required|=Expected Value|=Sample Values|=Notes
--|User Id|
++|User Id|{{{http://schemas.microsoft.com/identity/claims/objectidentifier}}}|Y|GUID or unique identifier within the IdP system|{{{101507cb-90da-473d-bfa7-9967979824e7 00ab9c907defGhIJ1697}}}|If a GUID is not returned then the value is hashed and converted to a GUID
++|Username|{{{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier}}}|Y|username or email address|{{{john.doe jane.doe@example.com}}}|
++|Display Name|{{{http://schemas.microsoft.com/identity/claims/displayname}}}|Y|User's name|Example: John|{{{John Doe}}}|
++|User Group|{{{http://schemas.microsoft.com/ws/2008/06/identity/claims/role}}}|Y|User's Group Name|{{{Administrators End Users General Users}}}|Must match a ShowRunner User Group name
++|PIN|pin|N|User's passcode/PIN code for touchscreen|{{{123456}}}|
++|Touchscreen Access Level|touchscreenAccessLevel|N|Access level for the user when access a touchscreen|{{{Valid Values: None, Technician, User Example: Technician}}}|
++|Login Permitted|userLoginPermitted|N|Locations where a user can login.  Multiple values are supported|{{{Valid Values: None, Touchpanel, Web Example: Touchpanel,Web}}}|Comma separated listed of valid values
++|Login Method|userLoginMethod|N|How a user can login|{{{Valid Values: None, Username, PIN Example: Username,PIN}}}|Comma separated listed of valid values
--{{{http://schemas.microsoft.com/identity/claims/objectidentifier}}}|Y|GUID or unique identifier within the IdP system|
--
--{{{101507cb-90da-473d-bfa7-9967979824e7
--00ab9c907defGhIJ1697}}}|If a GUID is not returned then the value is hashed and converted to a GUID
--|Username|
--
--{{{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier}}}|Y|username or email address|
--
--{{{john.doe
--jane.doe@example.com}}}|
--|Display Name|
--
--{{{http://schemas.microsoft.com/identity/claims/displayname}}}|Y|User's name
--Example: John|
--
--{{{John Doe}}}|
--|User Group|
--
--{{{http://schemas.microsoft.com/ws/2008/06/identity/claims/role}}}|Y|User's Group Name|
--
--{{{Administrators
--
--End Users
--
--General Users}}}|Must match a ShowRunner User Group name
--|PIN|pin|N|User's passcode/PIN code for touchscreen|
--
--{{{123456}}}|
--|Touchscreen Access Level|touchscreenAccessLevel|N|Access level for the user when access a touchscreen|
--
--{{{Valid Values:
--None, Technician, User
--
--Example:
--Technician}}}|
--|Login Permitted|userLoginPermitted|N|Locations where a user can login.  Multiple values are supported|
--
--{{{Valid Values:
--None, Touchpanel, Web
--
--Example:
--Touchpanel,Web}}}|Comma separated listed of valid values
--|Login Method|userLoginMethod|N|How a user can login|
--
--{{{Valid Values:
--None, Username, PIN
--
--Example:
--Username,PIN}}}|Comma separated listed of valid values
--
  ==== Notes: ====
  * Value mapping must be done on IdP side
@@ -76,7 +76,7 @@
  * A successful authentication with the IdP will add the user to ShowRunner's user database if they don't exist
  * User matches occurs based on the User Id, ensure that the User Id is unique within your IdP
  * All user values will be updated if they change within the IdP system
--* Non-Required values that are not sent with the SAML assertion will not update the ShowRunner's users
++* Non-Required values that are not sent with the SAML assertion will not update the ShowRunner's users equivalent value
  ==== Example Integrations: ====