Forum Discussion

creativeguitar
3 years ago

AD groups with Single Sign On

I have configured SSO with Ping and was able to configure the SAML User successfully in the following format: <username>@<domain>.

The problem now is that I am trying to configure the SAML groups with the same format. I am able to add them in the WebUI under SAML Groups as <group name>@<domain>, but users inside the group fail to authenticate.
I configured SSO as follows:

Identity provider name: [veritas_configuration]
Identity provider type: [SAML2]
Identity provider user: [userPrincipalName]
Identity provider user groups: [memberOf]
Enabled: [true]
I am getting userPrincipalName and memberOf in the SAML response in the same format, <username/group>@<domain>.

2 Replies

  • X2
    Moderator

    Once SSO was set up, I used the WebUI and added a SAML group as <group_name>@<full_domain_name>, and it worked. The only issue I noticed is that if I used a browser session where I was using SSO with a normal username, it would give me an error. This is because my access to the WebUI/Java console is only via my "admin" account. So make sure the users are using the correct account.

    Also, are you able to test SSO using SAML group just for yourself? If that works, there is something on the user's side.
    • You are correct! The main issue I was having is that the SP provider was passing me the value "username" in the metadata file. Once they concatenated "@domain" to the username, it started working.
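An added diagnostic, not code from the original post or from Veritas, for the failure this thread ends on: it parses a SAML response, pulls the userPrincipalName and memberOf attributes named in the SSO configuration in the first post, and flags any value that is not in the <name>@<domain> form the SAML User and SAML Groups entries are configured with. The two responses are constructed samples (a bare "username" plus a raw AD distinguished name for memberOf, and the corrected form), and the DN-to-name@domain helper is an assumed IdP-side mapping, not a Veritas or Ping API.

```python
import re
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used when locating the AttributeStatement.
NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Attribute names from the SSO configuration in the thread
# (Identity provider user / Identity provider user groups).
USER_ATTR = "userPrincipalName"
GROUP_ATTR = "memberOf"

# Values are matched against WebUI entries of the form <name>@<domain>.
# The name part may contain spaces (AD group names often do); the
# domain part may not contain whitespace or a second "@".
NAME_AT_DOMAIN = re.compile(r"^[^@]+@[^@\s]+$")


def attributes(saml_response_xml):
    """Return {attribute name: [values]} for every saml2:Attribute in the response."""
    root = ET.fromstring(saml_response_xml)
    found = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        values = [
            v.text.strip()
            for v in attr.iterfind("saml2:AttributeValue", NS)
            if v.text and v.text.strip()
        ]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found


def check_attributes(saml_response_xml, user_attr=USER_ATTR, group_attr=GROUP_ATTR):
    """List the reasons a response would not match <name>@<domain> entries.

    An empty list means every user and group value is in the expected form.
    """
    attrs = attributes(saml_response_xml)
    problems = []
    for name in (user_attr, group_attr):
        if name not in attrs:
            problems.append(f"attribute {name} missing from the assertion")
            continue
        for value in attrs[name]:
            if not NAME_AT_DOMAIN.match(value):
                problems.append(f"{name}={value!r} is not in <name>@<domain> form")
    return problems


def dn_to_name_at_domain(dn):
    """Map an AD distinguished name to <CN>@<dc.dc.dc>.

    Assumed convention for what the IdP attribute mapping must emit when
    memberOf is released as a raw DN; naive comma split, so escaped
    commas inside an RDN are not handled.
    """
    parts = [p.strip() for p in dn.split(",")]
    cn = next(p[3:] for p in parts if p.upper().startswith("CN="))
    domain = ".".join(p[3:] for p in parts if p.upper().startswith("DC="))
    return f"{cn}@{domain}"


# Constructed sample (not a real capture): bare username and raw DN,
# the shape that produced the authentication failures in the thread.
BROKEN_RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Assertion>
    <saml2:AttributeStatement>
      <saml2:Attribute Name="userPrincipalName">
        <saml2:AttributeValue>jdoe</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="memberOf">
        <saml2:AttributeValue>CN=nbu-admins,OU=Groups,DC=example,DC=com</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>
"""

# Constructed sample after the IdP appends "@domain" to both attributes.
GOOD_RESPONSE = BROKEN_RESPONSE.replace(
    ">jdoe<", ">jdoe@example.com<"
).replace(
    ">CN=nbu-admins,OU=Groups,DC=example,DC=com<", ">nbu-admins@example.com<"
)


if __name__ == "__main__":
    for label, xml in (("broken", BROKEN_RESPONSE), ("fixed", GOOD_RESPONSE)):
        print(label, check_attributes(xml) or "ok")
```

Run it against a response captured from the browser (SAML tracer or the IdP's test page) before adding SAML Groups entries: if userPrincipalName or memberOf comes back bare or as a DN, the fix belongs in the IdP attribute mapping, as the thread concludes, not in the WebUI entries.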