Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
6 replies
Subscribers
7 subscribers
Views
3064 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
Administration
#SAML. We are on Appian V7.11 cloud and implemented SSO via SAML wherein Appian
sathishkumars
over 9 years ago
#SAML. We are on Appian V7.11 cloud and implemented SSO via SAML wherein Appian is the Service Provider. The identity provider sends the SAML Token assertion with uid attribute for Appian username. If the identity provider sends some extra attributes in the SAML token (for e.g. <xml:Attribute Name="the name"> <saml:AttributeValue xmlns:xs="
www.w3.org/.../XMLSchema"
xsi:type="xs:string">the value</saml:AttributeValue> </saml:Attribute>), how can it be consumed/extracted/intercepted in Appian ?
OriginalPostID-189159
OriginalPostID-189159
Discussion posts and replies are publicly visible
0
Tom Ryan
Appian Employee
over 9 years ago
You may be able to specify these in the additional attribute fields in the SAML config Admin Console page, under 'E-mail Attribute', 'First/Last Name Attribute'.
If these do not meet your requirements, can you add some more detail regarding the use case here?
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
sathishkumars
over 9 years ago
Thank you Tom. Our use case is that the IDP can pass policy number in the SAML token Attribute, and we need to know how can the policy number be extracted in Appian ?
But also, can you please let us know on how can we extract the First/Last name or E-mail attribute in Appian ?
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Tom Ryan
Appian Employee
over 9 years ago
Do you mean for use in a process model/app? As far as I know the fields on the Admin console page are only used for the authentication process. If you want to sync data from your IDP with Appian accounts, then the best approach is probably to set up an additional scheduled process for pulling in this data, eg for LDAP:
forum.appian.com/.../LDAP_Synchronization.html
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
sathishkumars
over 9 years ago
Thanks again Tom. Yes - our use case is to use the extra attributes passed by IDP in an Appian process model/app. Is this possible at all ? Because, SAML XML provides the feature of adding extra attributes other than just the authentication statement.
For e.g. <xml:Attribute Name="the name"> <saml:AttributeValue xmlns:xs="
www.w3.org/.../XMLSchema"
xsi:type="xs:string">the value</saml:AttributeValue> </saml:Attribute>
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Tom Ryan
Appian Employee
over 9 years ago
I don't think there is any functionality OOTB to take advantage of this, I think the best approach as I mentioned will be to design a process model to connect to the IDP to pull in this information. Depending on the methods available for doing this on the IDP, you may need to create a custom plugin to assist with this task.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
sathishkumars
over 9 years ago
Thanks a lot Tom...
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel