
How the LDAP Attributes Work for SAML Web Portals

Article ID: 243158

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A TCP/UDP service was configured for SAML SSO authentication to a web portal, and the access policy now needs to be configured for users. How does the LDAP attribute work in the SAML part of the policy?

Environment

Privileged Access Management, all versions

Resolution

When the LDAP user logs in to the GUI, PAM checks whether the user has any SAML web portal policies and determines which attributes are needed for the assertion. It then resolves those attributes with an LDAP query and stores them in the user's session information. When the user launches the web portal, PAM reads the attributes from the user's session information and creates the assertion.

When configuring the policy, select LDAP Attribute from the Attribute column. In the Value column, enter the attribute name exactly as it appears in LDAP, for example sAMAccountName or userPrincipalName.
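A pre-check for the Value column, as an added example that is not part of the original article or of PAM: it parses the LDIF that `ldapsearch -LLL` prints for a test user and reports whether each attribute name planned for the policy is present and spelled as the directory returns it. The sample entry, the user, and the list of planned names are constructed for illustration.

```python
import base64

# Constructed sample: LDIF as printed by `ldapsearch -LLL` for one test user.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Users,DC=example,DC=com
sAMAccountName: jdoe
userPrincipalName: jdoe@example.com
displayName:: SmFuZSBEw7Zl
memberOf: CN=Portal-Admins,OU=Groups,DC=example,
 DC=com
"""

def parse_ldif_entry(ldif):
    """Return {attribute name: [values]} for a single LDIF entry."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        value = rest.strip()
        if rest.startswith(":"):          # "attr:: <base64>" marks an encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name, []).append(value)
    return entry

def check_policy_attributes(configured, entry):
    """Classify each planned name against the spelling the directory returned."""
    by_lower = {name.lower(): name for name in entry}
    report = {}
    for attr in configured:
        if attr in entry:
            report[attr] = ("ok", entry[attr])
        elif attr.lower() in by_lower:
            actual = by_lower[attr.lower()]
            report[attr] = ("spelling differs, directory uses " + actual, entry[actual])
        else:
            report[attr] = ("not present on this user", [])
    return report

if __name__ == "__main__":
    wanted = ["sAMAccountName", "userprincipalname", "mail"]  # hypothetical policy values
    for attr, result in check_policy_attributes(wanted, parse_ldif_entry(SAMPLE_LDIF)).items():
        print(attr, result)
```

An attribute reported as not present has no value on the test user, so it is worth confirming against a user who is expected to carry it before the name goes into the policy.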
