DRAFT KB-[SP-4917] How to enable additional SAML Assertion validations on Appian Cloud

Purpose

Appian has introduced additional SAML Assertion validations for improved security. They are enabled by default on Appian Cloud versions 20.3 and later, and are not enabled by default on Appian Cloud versions 20.2 and earlier. Because this feature validates additional SAML Assertion parameters, enabling it may result in SAML login failures for some users.

To verify whether any SAML configuration changes are needed to pass the additional SAML Assertion validations, Appian Cloud customers on 20.2 and earlier can take the following steps to request that this feature be enabled.

Instructions

To verify whether this feature will cause SAML login issues:

  1. Take a SAML Trace as outlined in the last section of KB-1450. The SAML trace must include the SAML Assertion from a login attempt.
  2. Navigate to the SAML Authentication section in the Admin Console and click into the desired SAML configuration.
  3. Take screenshots of the page to be submitted in a later step.
  4. Confirm whether the Service Provider Entity ID field in the Admin Console matches the <saml:Audience> field value from the SAML Trace exactly.
  5. If the fields from step 4 match, proceed to step 6.
  6. If the fields from step 4 do not match exactly, update the <saml:Audience> field value on the Identity Provider configuration to match the Service Provider Entity ID value.
  7. Open a Support Case with Appian Support requesting that this additional SAML Assertion validation feature be enabled to confirm users can log in successfully, providing the SAML trace from step 1 and the screenshots from step 4.
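
The exact-match comparison in step 4 can be scripted against the SAMLResponse captured in the trace. The following is an added example, not Appian code: the function names, status labels, the constructed sample response and the placeholder entity ID `https://sp.example.test/suite` are all assumptions for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE_PATH = ".//saml:Conditions/saml:AudienceRestriction/saml:Audience"

def audiences(saml_response):
    """Return all <saml:Audience> values from a SAMLResponse (raw XML or base64)."""
    text = saml_response.strip()
    xml = text.encode() if text.startswith("<") else base64.b64decode(text)
    # A SAML message has no reason to carry a DTD; refuse rather than expand entities.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message; refusing to parse")
    return [el.text or "" for el in ET.fromstring(xml).findall(AUDIENCE_PATH, NS)]

def _loose(value):
    # Normalisation used only to explain a failure, never to accept one.
    return value.strip().rstrip("/").lower()

def check_audience(saml_response, sp_entity_id):
    """Return (status, audience) for an exact comparison with the SP Entity ID."""
    found = audiences(saml_response)
    if not found:
        return ("MISSING", None)
    if sp_entity_id in found:
        return ("MATCH", sp_entity_id)
    for value in found:
        if _loose(value) == _loose(sp_entity_id):
            # Differs only by case, surrounding whitespace or a trailing "/".
            return ("NEAR_MISS", value)
    return ("MISMATCH", found[0])

# Constructed sample response (not taken from a real trace); unsigned and minimal.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://sp.example.test/suite/</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    # Placeholder Entity ID values, as they might be typed in the Admin Console.
    for entity_id in ("https://sp.example.test/suite/", "https://sp.example.test/suite"):
        print(entity_id, "->", check_audience(SAMPLE_B64, entity_id))
```

A `NEAR_MISS` result is still a mismatch for the purposes of step 4; it only points at the likely cause, such as a trailing slash.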

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: August 2020