Changes for page Single Sign-On (SSO) via SAML

Last modified by Mark Kohlmann on 2025/05/10 00:45

From 4.1 to 3.2

From version 3.2

edited by Mark Kohlmann
on 2025/05/10 00:45

Change comment: There is no comment for this version

To version 1.1

edited by Mark Kohlmann
on 2025/05/09 18:24

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -18,15 +18,58 @@
  ==== SAML IdP Claim Mapping: ====
  |=Function|=Attribute Name|=Required|=Expected Value|=Sample Values|=Notes
--|User Id|{{{http://schemas.microsoft.com/identity/claims/objectidentifier}}}|Y|GUID or unique identifier within the IdP system|{{{101507cb-90da-473d-bfa7-9967979824e7 00ab9c907defGhIJ1697}}}|If a GUID is not returned then the value is hashed and converted to a GUID
--|Username|{{{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier}}}|Y|username or email address|{{{john.doe jane.doe@example.com}}}|
--|Display Name|{{{http://schemas.microsoft.com/identity/claims/displayname}}}|Y|User's name|Example: John|{{{John Doe}}}|
--|User Group|{{{http://schemas.microsoft.com/ws/2008/06/identity/claims/role}}}|Y|User's Group Name|{{{Administrators End Users General Users}}}|Must match a ShowRunner User Group name
--|PIN|pin|N|User's passcode/PIN code for touchscreen|{{{123456}}}|
--|Touchscreen Access Level|touchscreenAccessLevel|N|Access level for the user when access a touchscreen|{{{Valid Values: None, Technician, User Example: Technician}}}|
--|Login Permitted|userLoginPermitted|N|Locations where a user can login.  Multiple values are supported|{{{Valid Values: None, Touchpanel, Web Example: Touchpanel,Web}}}|Comma separated listed of valid values
--|Login Method|userLoginMethod|N|How a user can login|{{{Valid Values: None, Username, PIN Example: Username,PIN}}}|Comma separated listed of valid values
++|User Id|
++{{{http://schemas.microsoft.com/identity/claims/objectidentifier}}}|Y|GUID or unique identifier within the IdP system|
++
++{{{101507cb-90da-473d-bfa7-9967979824e7
++00ab9c907defGhIJ1697}}}|If a GUID is not returned then the value is hashed and converted to a GUID
++|Username|
++
++{{{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier}}}|Y|username or email address|
++
++{{{john.doe
++jane.doe@example.com}}}|
++|Display Name|
++
++{{{http://schemas.microsoft.com/identity/claims/displayname}}}|Y|User's name
++Example: John|
++
++{{{John Doe}}}|
++|User Group|
++
++{{{http://schemas.microsoft.com/ws/2008/06/identity/claims/role}}}|Y|User's Group Name|
++
++{{{Administrators
++
++End Users
++
++General Users}}}|Must match a ShowRunner User Group name
++|PIN|pin|N|User's passcode/PIN code for touchscreen|
++
++{{{123456}}}|
++|Touchscreen Access Level|touchscreenAccessLevel|N|Access level for the user when access a touchscreen|
++
++{{{Valid Values:
++None, Technician, User
++
++Example:
++Technician}}}|
++|Login Permitted|userLoginPermitted|N|Locations where a user can login.  Multiple values are supported|
++
++{{{Valid Values:
++None, Touchpanel, Web
++
++Example:
++Touchpanel,Web}}}|Comma separated listed of valid values
++|Login Method|userLoginMethod|N|How a user can login|
++
++{{{Valid Values:
++None, Username, PIN
++
++Example:
++Username,PIN}}}|Comma separated listed of valid values
++
  ==== Notes: ====
  * Value mapping must be done on IdP side
@@ -33,7 +33,7 @@
  * A successful authentication with the IdP will add the user to ShowRunner's user database if they don't exist
  * User matches occurs based on the User Id, ensure that the User Id is unique within your IdP
  * All user values will be updated if they change within the IdP system
--* Non-Required values that are not sent with the SAML assertion will not update the ShowRunner's users equivalent value
++* Non-Required values that are not sent with the SAML assertion will not update the ShowRunner's users
  ==== Example Integrations: ====