This community is currently in a read-only state due to a maintenance window. For more info click here

Mandatory Attributes for Aruba central SSO Login

MVP
MVP
Q:

What are the Mandatory Attributes which has to be sent by IDP server for SSO login through Aruba Central for standalone Customer(NOT MSP)?



A:

Below are the Mandatory attributes which has to sent by IDP(Identity Provider) :

•NameID—The NameID attribute must include the email address of the user. 

<NameID>johnnyadmin1@adfsaruba.com</NameID>

•aruba_1_cid = <customer-id>

•aruba_1_app_1 = central

•aruba_1_app_1_role_1 = <readonly> or <admin>

 

Below Example is the SAML Traces logs (debug logs for troubleshooting) which will show us the Attribute which is returned by IDP server.

<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">lynctest1@primegrp.com</NameID>
            <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="ONELOGIN_d58fe91c9f40ae14bd8c6803fff2410b7f537dd6"
                NotOnOrAfter="2019-07-08T18:01:37.888Z"
                Recipient="https://portal.central.arubanetworks.com/global_login/aaa_saml/primegrp.com?acs"/></SubjectConfirmation>
        </Subject>

            <Attribute Name="aruba_1_app_1">
                <AttributeValue>central</AttributeValue>
            </Attribute>
            <Attribute Name="aruba_1_cid">
                <AttributeValue>8005597</AttributeValue>
            </Attribute>
            <Attribute Name="aruba_1_app_1_role_1">
                <AttributeValue>readonly</AttributeValue>

 

Attached the screenshot taken from SAML TRACER TOOL.


Attachments:
Screen Shot 2019-08-16 at 1.03.00 AM.png
Screen Shot 2019-08-16 at 1.02.34 AM.png
Version history
Revision #:
2 of 2
Last update:
‎08-24-2020 05:10 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: