-
Title
A Service Provider (SP) has advised that it's a requirement to pass certain attributes from CAM to the SP in order for SAML SSO to work. -
Description
The Service Provider (SP) for an application being configured in Cloud Access Manager has advised and provided a specific attribute or attributes that need to be sent from CAM to the SP in order for SAML SSO to work. -
Resolution
This can be achieved through claim mappings. The configuration settings for this are located in the application configuration under Claim Mapping. Claim rules are used to send a user attribute or static value to the target application.
If the claim mappings have been configured and the configuration is not working support will require STS debug logs so we can see what is being sent by CAM in the SAML response. If you are not encrypting the SAML response then a fiddler trace would also help support to see what is being sent in the browser.How to enable debug in Cloud Access Manager - KB article 117431
https://support.oneidentity.com/cloud-access-manager/kb/117431/
How to capture a Fiddler trace to diagnose application setup issue - KB article 119026
https://support.oneidentity.com/cloud-access-manager/kb/119026/