Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
jmriera Absent Member.
Absent Member.
840 views

Add multiple contacts in IDP federation

Hi,

I'm trying to federate with a SP using SAML 2.0, and the SP requires two contact information (1 technical and 1 support).

This information can be changed in IDP -> General -> Organization -> Principal Contact but it seems we can only define a single entry.

Does anyone know if it's possible to define more than one contact? Can I customize the Contact Type? (support is not defined).

And if it's not possible to change it using Administration Console, could I modify it in any configuration file?

Thank you in advance,
0 Likes
5 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Add multiple contacts in IDP federation

On 15-06-2018 6:04 PM, jmriera wrote:
>
> Hi,
>
> I'm trying to federate with a SP using SAML 2.0, and the SP requires two
> contact information (1 technical and 1 support).
>
> This information can be changed in IDP -> General -> Organization ->
> Principal Contact but it seems we can only define a single entry.
>
> Does anyone know if it's possible to define more than one contact? Can I
> customize the Contact Type? (support is not defined).
>
> And if it's not possible to change it using Administration Console,
> could I modify it in any configuration file?


Out of the box this is a little tricky as it doesn't really work. What you could do is to allow the contract used for support to satisfy the contract
for technical (or visa versa). Then the support user would sign in to the IDP first and then they would go to the service provider. As they already
have a session with the IDP it would generate a saml token and redirect them.


--
Cheers,
Edward
0 Likes
jmriera Absent Member.
Absent Member.

Re: Add multiple contacts in IDP federation

Hi Edward,

Thank you, I'll investigate this option.

Regards,
0 Likes
lelle1 Absent Member.
Absent Member.

Re: Add multiple contacts in IDP federation

Hi,

is the question related to two different logins or to contact information in the IDP's metadata?

/Lelle
0 Likes
Highlighted
jlrodriguez Super Contributor.
Super Contributor.

Re: Add multiple contacts in IDP federation

lelle;2483322 wrote:
Hi,

is the question related to two different logins or to contact information in the IDP's metadata?

/Lelle


I'm trying to get the same, having two contact information in the IDP's metadata. Is it possible?

Regards
Jose Luis
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Add multiple contacts in IDP federation

I just managed to do this:

<md:ContactPerson contactType="other">
<md:EmailAddress>Technical: tech@site.com - Support: support@site.com</md:EmailAddress>
</md:ContactPerson>


It seems that the UI has some javascript validation on the field and it won't allow you to put this in. The downside of the above is that it in violation of the saml2 metadata spec as it states that the emailAddress has to be of format anyURI so it could cause you headaches down the track trying to setup trusts with SPs and/or IDPs. According to the spec you can have multiple md:EmailAddress elements but NAM doesn't allow you to do this by the looks of it, neither does it allow you to create a second contract person which is allowed if I understand the metadata spec correctly.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.