Anonymous_User Absent Member.
Absent Member.
162 views

Saml SSO for google apps with multiple emailid's


We have configured saml sso to google apps & it works fine when User has
one emailid. But there are some generic emailid's which are to be added
to the User & is there any way to Use saml to retrieve emails from those
generic accounts also when the User logs in to google using saml sso?


--
hvadla
------------------------------------------------------------------------
hvadla's Profile: https://forums.netiq.com/member.php?userid=7575
View this thread: https://forums.netiq.com/showthread.php?t=51107

0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Saml SSO for google apps with multiple emailid's


hvadla;245595 Wrote:
> We have configured saml sso to google apps & it works fine when User has
> one emailid. But there are some generic emailid's which are to be added
> to the User & is there any way to Use saml to retrieve emails from those
> generic accounts also when the User logs in to google using saml sso?


If I understand correctly, you have a user who will have multiple email
addresses and you want all of them to show up in their Google profile
when they log in with SAML? Please let me know if I'm missing anything
there.

It is possible to send multiple email addresses in a SAML assertion via
attributes. However, I'm not sure if or how Google Apps would deal with
that.


--
MatthewEhle
------------------------------------------------------------------------
MatthewEhle's Profile: https://forums.netiq.com/member.php?userid=4
View this thread: https://forums.netiq.com/showthread.php?t=51107

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Saml SSO for google apps with multiple emailid's


Matthew, Yes you understood correctly. we are seeing invalid email
address error from google when we pass mulitiple email addresses.


--
hvadla
------------------------------------------------------------------------
hvadla's Profile: https://forums.netiq.com/member.php?userid=7575
View this thread: https://forums.netiq.com/showthread.php?t=51107

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Saml SSO for google apps with multiple emailid's


hvadla;245696 Wrote:
> Matthew, Yes you understood correctly. we are seeing invalid email
> address error from google when we pass mulitiple email addresses.


Looking at the Google SAML examples, it does not look like
identity/attribute provisioning is possible with SAML. You need to
create the users prior to login with the provisioning API. The API
should be able to create both email addresses for the user.

If you your mail attribute is multivalued then you will need to create a
custom external attribute class to figure out which one to select when
SSO'ing the user.

Can you post a sample SAML response that your IDP is sending to google?


--
rtruscot
------------------------------------------------------------------------
rtruscot's Profile: https://forums.netiq.com/member.php?userid=293
View this thread: https://forums.netiq.com/showthread.php?t=51107

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.