Controller-less WLANs

last person joined: 13 days ago 

IAP, Central, MSR, Outdoor Mesh

Mandatory Attributes for Aruba central SSO Login

By esupport posted Aug 24, 2020 08:10 AM


What are the Mandatory Attributes which has to be sent by IDP server for SSO login through Aruba Central for standalone Customer(NOT MSP)?


Below are the Mandatory attributes which has to sent by IDP(Identity Provider) :

•NameID—The NameID attribute must include the email address of the user. 


•aruba_1_cid = <customer-id>

•aruba_1_app_1 = central

•aruba_1_app_1_role_1 = <readonly> or <admin>


Below Example is the SAML Traces logs (debug logs for troubleshooting) which will show us the Attribute which is returned by IDP server.

<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"></NameID>
            <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="ONELOGIN_d58fe91c9f40ae14bd8c6803fff2410b7f537dd6"

            <Attribute Name="aruba_1_app_1">
            <Attribute Name="aruba_1_cid">
            <Attribute Name="aruba_1_app_1_role_1">


Attached the screenshot taken from SAML TRACER TOOL.

Screen Shot 2019-08-16 at 1.03.00 AM.png
Screen Shot 2019-08-16 at 1.02.34 AM.png
1 comment


15 days ago

Is there a way to change the value that Clearpass sends the NameID attribute?  From the SAML tracer this is what is being sent <saml2:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">jmcuser</saml2:NameID>  I would like to it so that NameID field contains the EmployeeID rather than the username it shows now.