Hi. I'm using AM for Salesforce integration. Due to a technical
limitation (see my post http://tinyurl.com/p75hbvw for details), I'm
considering using the SAML user type "Assertion contains the Federation
ID from the User object". I can't find any documentation or instructions
on how to use this setting. The following is my setup:

Users are stored in eDirectory, which has a custom attribute "employeeID".
In Salesforce, the username is employeeID@mycompany.com, which is NOT
the email address of the user.
The federation ID is the cn of the user.
So for example, for user "John Doe", employeeID is 111, the Salesforce
username is "111@mycompany.com", the email address is "jdoe@mycompany.com",
and cn is "jdoe", so the federation ID is "jdoe".

My configuration is roughly based on the Cool Solutions
article http://tinyurl.com/n2lbdj7 except for the SAML UserID type as
well as attribute mapping and authentication response configuration.

My questions are as follows:

1. In attribute mapping, what is the name of the Remote Attribute in
Salesforce for federation ID? I tried using "Federation ID" and
"FederationIdentifier" (the latter according to the Salesforce SOAP API
Reference Guide).

2. In configuring the authentication response for the Service Provider,
what should the settings be in this case?
I have tried the following:
checked the Persistent, Transient and Unspecified checkboxes,
clicked the radio button beside the "Unspecified" name identifier
format under "default", and selected "LDAP attribute cn [LDAP attribute
profile]" beside the "default" that is selected.

The overall configuration above (after doing Identity Server -> Update
all) gave me an error "Error:The request to provide authentication to a
service provider has failed. (300101050-CFA89914371A42D7) "

3. Are there any settings that I missed for using this SAML UserID type?

Any help is appreciated.


ndrw_cheung's Profile: https://forums.netiq.com/member.php?userid=5241
View this thread: https://forums.netiq.com/showthread.php?t=47951
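One way to check what the IdP is actually putting in the assertion, as an added example that is not part of the original post or of the NetIQ product: parse a SAML 2.0 Response, pull out the Subject/NameID and its Format, and compare it with the value the "Federation ID" user type must match (the cn, "jdoe", not the Salesforce username "111@mycompany.com"). The Response XML and the directory entry are constructed samples; signature and audience validation are out of scope here.

```python
# Added example, not code from the original post. Parses a SAML 2.0 Response
# and checks whether the Subject/NameID the IdP issues is the value Salesforce
# will compare against the user's Federation ID (the cn in this setup).
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed eDirectory entry for the "John Doe" case described in the post.
USER = {"cn": "jdoe", "employeeID": "111", "mail": "jdoe@mycompany.com"}

def expected_federation_id(user):
    """Federation ID is the cn, not the Salesforce username employeeID@mycompany.com."""
    return user["cn"]

def extract_name_id(response_xml):
    """Return (value, format) of the first Subject/NameID, or (None, None)."""
    root = ET.fromstring(response_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None:
        return None, None
    # SAML 2.0 core: an absent Format attribute means "unspecified".
    return (node.text or "").strip(), node.get("Format", UNSPECIFIED)

def check_subject(response_xml, user):
    """List the reasons the assertion would not match the Federation ID user type."""
    value, fmt = extract_name_id(response_xml)
    if value is None:
        return ["assertion has no Subject/NameID"]
    problems = []
    if fmt != UNSPECIFIED:
        problems.append("NameID Format is %s, expected %s" % (fmt, UNSPECIFIED))
    if value != expected_federation_id(user):
        problems.append("NameID %r is not the Federation ID %r"
                        % (value, expected_federation_id(user)))
    return problems

def sample_response(name_id, fmt=UNSPECIFIED):
    """Constructed, unsigned sample Response carrying the given NameID."""
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml:Assertion><saml:Subject>'
            '<saml:NameID Format="%s">%s</saml:NameID>'
            '</saml:Subject></saml:Assertion></samlp:Response>' % (fmt, name_id))

if __name__ == "__main__":
    print(check_subject(sample_response("jdoe"), USER))               # []
    print(check_subject(sample_response("111@mycompany.com"), USER))  # one problem
```

Point the same check at a Response captured from the browser (e.g. from a SAML tracer) to see whether the IdP sends the cn or the employeeID-based username.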