
This page lists custom settings that our support team has found helpful for customers who needed to pass custom options to different providers in their FD SSO config files.

Passing custom query parameters to your OIDC Provider

oidcConfig.customParams = key: value, key2:v2

Allow unsigned tokens from your OIDC Provider

oidcConfig.allowUnsignedIdTokens=true

Custom SAML login URL

To modify the sign-on URL for SAML, open the provided metadata URL. Usually you would just paste this URL into the fdsso.config file. Instead, copy the XML contents into a file located on the FlexDeploy server (not inside the apache-tomcat-flexdeploy folder), then modify the file as needed. Reference this new file's path from the fdsso.config file instead of the URL.

What SAML information does FlexDeploy use?

We use the attribute “UserName” if it exists as the user.

If it doesn’t, we use the first SAML attribute that ends with “UserName”.

If none do, we use the SAML ID attribute as the username.

If the username that is determined from those locations matches an existing username in FlexDeploy, the user is considered to be the same user.

If it doesn’t exist, then the user’s email, first name, and last name are looked up in the SAML attributes.

  • given_name is used for first name

  • family_name is used for last name

  • email is used for email

Currently these fields are not configurable in FlexDeploy, but they have worked with all IDPs tested so far.
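The lookup order described above, as an added example that is not FlexDeploy's own code: it reads a constructed SAML assertion and reports which username a login would resolve to, so you can check for unintended matches with existing accounts before changing the claims your IdP sends. It assumes that "SAML ID attribute" means the Subject NameID, that attribute names are compared case-sensitively, and that "first" means document order; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion, trimmed to the elements read below.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>00u1abcd</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://idp.example.com/claims/UserName"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="given_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="family_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_assertion(xml_text):
    """Return (NameID, [(attribute name, first value), ...]) in document order."""
    root = ET.fromstring(xml_text)  # audit helper: no signature validation here
    name_id = root.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS)
    attrs = [(a.get("Name", ""), a.findtext("saml:AttributeValue", "", NS).strip())
             for a in root.iterfind(".//saml:Attribute", NS)]
    return name_id, attrs

def resolve_username(name_id, attrs):
    """Apply the documented lookup order; returns (username, source)."""
    for name, value in attrs:
        if name == "UserName":            # 1. exact "UserName" attribute
            return value, "UserName"
    for name, value in attrs:
        if name.endswith("UserName"):     # 2. first attribute ending in "UserName"
            return value, name
    return name_id, "NameID"              # 3. assumed meaning of "SAML ID attribute"

def preview(xml_text, existing_usernames):
    """Show which account a login would map to, and the profile used if it is new."""
    name_id, attrs = read_assertion(xml_text)
    username, source = resolve_username(name_id, attrs)
    result = {"username": username, "source": source,
              "matches_existing": username in existing_usernames}
    if not result["matches_existing"]:
        found = dict(attrs)               # profile attributes named on the page
        result["profile"] = {"first_name": found.get("given_name"),
                             "last_name": found.get("family_name"),
                             "email": found.get("email")}
    return result
```

Calling `preview(SAMPLE_ASSERTION, {"admin"})` shows the namespaced claim ending in `UserName` winning over the NameID, which is the case most likely to surprise when an IdP sends several similarly named attributes.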
