How the LDAP Attributes Work for SAML Web Portals
Article ID: 243158
Updated On:
Products
Issue/Introduction
A TCP/UDP service was configured for SAML SSO authentication to a web portal and the access policy is trying to be configured for users. How does the LDAP attribute work in the SAML part of the policy?
Environment
Privileged Access Management, all versions
Resolution
When the LDAP user logs into the GUI, PAM will check if the user has any SAML web portal policies and determine which attributes are needed for the assertion. It will then resolve those attributes in an LDAP query and store it in the user's session information. When the user launches the web portal, PAM will get the information from the user's session information and create the assertion.
When configuring the policy, select LDAP Attribute from the Attribute column. In the Value column, put the attribute exactly as it is in LDAP. For example, use sAMAccountName, userPrincipalName, etc.
Feedback
