SSO with ADFS missing Claim Rules

Question

I’m attempting to setup SSO via ADFS. The org is set up and I’ve downloaded the metadata and created the Relying Party Trust, but there’s no information on what I should use in the claim rules - email address → username or username didn’t work.

acosta · Answer

Yes I got it working with ADFS. I did the following:

Claim Rules:
LDAP Attributes:

Email as Name ID (LDAP Attributes)
Email as ADFS 1.x Email Address (LDAP Attributes)

ADFS 1.x E-Mail address - Transform Claim:
* Incoming claim type: ADFS 1.x E-Mail address
* Outgoing claim type: Name ID
* Outgoing nameID Format: email
* Passthrough all claim types: selected

Identifiers:

if you have multiple orgs, setup SSO on all of them and a Relaying Trust Party for each of them using the full login URL as an identifier: https://elastic.snaplogic.com/api/1/rest/admin/sso/login?org_path=**_org_name_here_**
For one of your Relaying Trust Party, in my case my Dev org, I also added the root part of the login URL as an identifier: https://elastic.snaplogic.com/api/1/rest/admin/sso/login.

URL to trigger SSO login:
You must use the org you setup with the “root” login URL:
* Option 1 - Direct URL with ORG name
*  Option 2 - Go to SnapLogic login page, click on “Log in via SSO”, type your Org name in the box and log in.

epearson · Answer

Did you figure this out? Running into same issue.

Forum Discussion

SSO with ADFS missing Claim Rules

2 Replies

Recent Discussions

trace API and proxy calls

Pagination Logic Fails After Migrating from REST GET to HTTP Client Snap

Pipeline Execute Pool size

Concat values of a field based on value of another field

JWT Configuration for SnapLogic Public API