This is a list of custom settings that our support team has found helped some customers with their FD SSO config files, to provide custom options to different providers.


Passing custom query parameters to your OIDC Provider

oidcConfig.customParams = key: value, key2:v2

Allow unsigned ... tokens from your ... OIDC Provider

oidcConfig.allowUnsignedIdTokens=true

Custom SAML login URL

To modify the sign-on URL for SAML, access the provided metadata URL. Usually you would just paste this URL into the fdsso.config file. Instead, copy the XML contents and paste them into a file located on the FlexDeploy server (not inside the apache-tomcat-flexdeploy folder). Then modify the file as needed. Reference this new file path from the fdsso.config file instead of the URL.

Configuring Single Sign On of type Redirect instead of POST

By default, FlexDeploy uses type POST. If you get an error that the “Identity Provider has no single sign on service available for the selected profile”, you need to select an alternate one.

To do this, add the following line to your SSO config file:

saml2Config.authnRequestBindingType = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

What SAML information does FlexDeploy use?

If the attribute “UserName” exists, we use it as the username.

If it doesn’t, we use the first SAML attribute that ends with “UserName”.

If none do, we use the SAML ID attribute as the username.

If the username that is determined from those locations matches an existing username in FlexDeploy, the user is considered to be the same user.

If it doesn’t exist, then the user’s email, first name, and last name are looked up in the SAML attributes.

  • given_name is used for first name

  • family_name is used for last name

  • email is used for email

Currently these fields are not configurable in FlexDeploy, but they have worked with all IDPs tested so far.
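
The lookup order described above, as an added Python example (not FlexDeploy's own code) that parses a constructed assertion and reports which value would become the username. It assumes the “SAML ID attribute” is the Subject NameID and that attribute names are matched exactly and case-sensitively; the function names and sample values are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (trimmed, unsigned); parsing only, no signature check.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>00u1abcd@idp.example</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="given_name">
      <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="family_name">
      <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.example/claims/UserName">
      <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_assertion(xml_text):
    """Return (name_id, [(attribute_name, first_value), ...]) in document order."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    attrs = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs.append((attr.get("Name", ""), value.strip()))
    return name_id.strip(), attrs


def resolve_username(name_id, attrs):
    """Apply the documented order (assumes exact, case-sensitive name matching)."""
    for name, value in attrs:              # 1. attribute named exactly "UserName"
        if name == "UserName":
            return value, "attribute UserName"
    for name, value in attrs:              # 2. first attribute ending in "UserName"
        if name.endswith("UserName"):
            return value, "attribute " + name
    return name_id, "NameID"               # 3. SAML ID, assumed to be the NameID


def resolve_profile(attrs):
    """Fields looked up when the resolved username does not exist yet."""
    by_name = dict(attrs)
    return {"first_name": by_name.get("given_name"),
            "last_name": by_name.get("family_name"),
            "email": by_name.get("email")}
```

Running this against the attributes your IdP actually releases shows which one becomes the FlexDeploy username; any attribute whose name ends with “UserName” takes precedence over the NameID.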