SAML multi organization in API Portal

Article ID: 275020

Products

CA API Developer Portal

Issue/Introduction

The customer is running the portal on 5.2 and is trying to use Azure AD for SSO. They would like to use multiple organizations, which are listed in their SAML response. However, they get only one organization when signing on through SSO and do not get access. Does something need to be changed in the SAML response for this to work?

Environment

Release : 5.2.1

Resolution

The SAML response needs to have an attribute that maps the role and organization together, for example:

<saml:Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
   <saml:AttributeValue xsi:type="xs:string">{organization:org1,role:developer};{organization:org2,role:admin}  </saml:AttributeValue>
</saml:Attribute>

In this case you can set a regex to extract the information from this attribute:

{organization:${organization},role:${role}}

But the information needs to be in one attribute, not in multiple attributes.
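
The following Python check is an added example, not the portal's own code: run it against a captured AttributeStatement to confirm that the single `memberOf` value yields every organization/role pair, and to see that organizations and roles sent in separate attributes yield none. It assumes each `${name}` placeholder in the template captures that field; the helper names, the wrapper element and the split sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TEMPLATE = "{organization:${organization},role:${role}}"  # template from the article

# Constructed wrapper so the article's attribute parses as a stand-alone document.
WRAP = ('<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:xs="http://www.w3.org/2001/XMLSchema" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">%s</saml:AttributeStatement>')

def attribute(name, *values):
    """Build one constructed saml:Attribute element with the given values."""
    body = "".join(f'<saml:AttributeValue xsi:type="xs:string">{v}</saml:AttributeValue>'
                   for v in values)
    return f'<saml:Attribute Name="{name}">{body}</saml:Attribute>'

# One attribute carrying both pairs, as in the article.
COMBINED = WRAP % attribute(
    "memberOf", "{organization:org1,role:developer};{organization:org2,role:admin}  ")
# Organizations and roles in separate attributes: nothing ties a role to an organization.
SPLIT = WRAP % (attribute("organization", "org1", "org2") + attribute("role", "developer", "admin"))

def template_to_regex(template):
    """Turn each ${name} placeholder into a named group; the rest matches literally.
    The character class (a choice of this example) stops a value at , ; { or }."""
    parts = re.split(r"\$\{(\w+)\}", template)
    return re.compile("".join(
        f"(?P<{p}>[^,;{{}}]+)" if i % 2 else re.escape(p) for i, p in enumerate(parts)))

def memberships(statement_xml, attr_name="memberOf", template=TEMPLATE):
    """Return (organization, role) pairs found in the named attribute's values.
    Parses only; it does not verify the assertion signature."""
    pattern = template_to_regex(template)
    pairs = []
    for attr in ET.fromstring(statement_xml).iterfind("saml:Attribute", NS):
        if attr.get("Name") != attr_name:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            pairs += [(m["organization"], m["role"]) for m in pattern.finditer(value.text or "")]
    return pairs

if __name__ == "__main__":
    print(memberships(COMBINED))
    print(memberships(SPLIT))
```

If the combined case returns fewer pairs than the identity provider was meant to send, compare the raw attribute value character by character with the template, since every literal in the template must match exactly.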