CloudHealth SSO user unable to access the Broadcom support portal after being assigned to Site ID

Article ID: 402248

Updated On:

Products

CloudHealth

Issue/Introduction

CloudHealth users who authenticate via SSO may be unable to sign in to the Broadcom support portal because attributes are missing from their SSO assertion.

Resolution

  1. To resolve this issue, have your Identity Provider (IdP) administrator review the claim rules set up for CloudHealth.

  2. Have them ensure that the following attributes exist and are mapped to a value in the IdP that is populated for all users:

    - firstName
    - lastName


  3. Alternatively, CloudHealth support can request that these values be manually populated by the AuthHub team. Typically this should only be done if the issue impacts one to two users. To have this done, submit a support ticket for CloudHealth and include the email address of the user(s) and the First Name / Last Name that should be populated.

  4. Once the values are populated, close any open browser sessions, complete the CloudHealth SSO sign-in process you would normally use, and then attempt to access the Broadcom Support Portal.
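
To confirm step 2 before retrying the sign-in, the SAMLResponse that the IdP posts can be checked for the two attributes. The Python check below is an added example, not Broadcom or CloudHealth code; its function names and sample data are constructed for illustration, and it assumes an unencrypted assertion captured from the HTTP-POST binding.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("firstName", "lastName")  # names from the article; matching is case-sensitive


def attribute_values(response_xml):
    """Map each SAML Attribute Name to its non-blank values."""
    root = ET.fromstring(response_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return found


def missing_attributes(saml_response_b64):
    """Return the required attributes that are absent or empty.

    Input is the base64 SAMLResponse form field (HTTP-POST binding) with an
    unencrypted assertion. Diagnostic only: no signature validation is done.
    """
    xml_text = base64.b64decode(saml_response_b64).decode("utf-8")
    found = attribute_values(xml_text)
    return [name for name in REQUIRED if not found.get(name)]


def make_sample(attrs):
    """Build a constructed, unsigned SAMLResponse holding only the given attributes."""
    body = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        "</saml:AttributeValue></saml:Attribute>"
        for name, value in attrs
    )
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    claim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
    print(missing_attributes(make_sample([("firstName", "Ada"), ("lastName", "Lovelace")])))
    print(missing_attributes(make_sample([("firstName", "Ada"), ("lastName", "")])))
    print(missing_attributes(make_sample([(claim, "Ada"), ("lastName", "Lovelace")])))
```

An attribute sent under a namespaced or differently cased name, or with an empty value, is reported as missing, which is the condition step 2 asks the IdP administrator to rule out.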

 

Okta:

  1. Navigate to the Okta Console, and select Applications.

  2. Select the CloudHealth SAML application from the list displayed and navigate to the General Tab.

  3. Within this section select the Edit option against SAML settings.

  4. Select Next on the General Settings tab to move to the Configure SAML section.

  5. Under the Attribute Statements section add the following claims:

    Name: firstName
    Format: Unspecified
    Value: user.firstName

    Name: lastName
    Format: Unspecified
    Value: user.lastName

  6. The Attribute Statements section should now list the firstName and lastName claims defined in the previous step.



  7. Save the new claim rules by selecting Next to move to the Feedback tab, and then select Finish.

Azure:

  1. Open the Azure Portal, and navigate to Entra ID.

  2. Within Entra ID, select Enterprise Applications, then select the CloudHealth SAML application from the list.

  3. Within the application, select the Single Sign On option in the left nav.

  4. Within this section, select Edit against Attributes and Claims.

  5. Add two claims:

    Name: firstName
    Namespace: blank
    Source Attribute: user.givenname

    Name: lastName
    Namespace: blank
    Source Attribute: user.surname

  6. The claims will now be active under the Entra ID SAML app.

OneLogin:

  1. Within the OneLogin portal, navigate to Applications -> Applications.

  2. Select the SAML app for CloudHealth from the list.

  3. Navigate to the Parameters section in the left nav.

  4. Select the + icon, define the name of the claim as firstName, select the value as First Name, and select Save.

  5. Select the + icon again, define the name of the claim as lastName, and select the value as Last Name.

  6. Finally, select the Save option in the top right of the Parameters section.

ADFS:

  1. Create a rule to send claims using a custom rule.
  2. In the Relying Party Trust folder, right-click the Relying Party Trust and select Edit Claims Issuance Policy.
  3. In the Edit Claims Issuance Policy dialog box, select Add Rule.
  4. In the Choose Rule Type section, select Send Claims using a Custom Rule from the Claim rule template dropdown, and click Next.
  5. In the Configure Claim Rule section, define a claim rule named firstName and add the following claim rule:
    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"]
     => issue(Type = "firstName", Value = c.Value);
  6. Repeat the process to define a claim rule named lastName and add the following claim rule:

    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"]
     => issue(Type = "lastName", Value = c.Value);