Continuous Delivery Director

  • Private Community
 View Only

  • 1.  CDD unable to fetch user first and last name while creating a new user via SAML

    Posted Jul 11, 2019 09:01 AM

    We are working on the enablement of SSO in CDD.

    For the existing users the SSO is working fine, but for new users the SSO creates a new user within CDD.

    But this new user only has the email id and there is no user  first and last name available in the created user.

    Can you please suggest how to fix this?



  • 2.  RE: CDD unable to fetch user first and last name while creating a new user via SAML

    Broadcom Employee
    Posted Jul 11, 2019 09:39 AM
    Hi Saurabh,

    I recently worked on an issue where engineering confirmed that CDD gets the user information from the IDP. 
    I'm not super familiar with all of the technical details behind this. But I just did a quick google search and found the following. In this case, and anyone feel free to correct me if I'm wrong (or confirm if I'm right :)), I believe CDD would be considered the service provider: 
    https://www.gluu.org/resources/documents/articles/how-does-saml-work-idps-sps/
    https://learn.oracle.com/ords/launchpad/learn?page=what-is-idp-sp-and-saml&context=0:42479:42502

    Kind regards,
    Gregg 
    Original Message


  • 3.  RE: CDD unable to fetch user first and last name while creating a new user via SAML

    Posted Jul 11, 2019 11:06 AM
      |   view attached

    Hi Gregg,

     

    Thanks for your support.

    One more query

     

    On the CA support documentation I find the below information: (Please refer the screenshot attached)

    (https://docops.ca.com/ca-continuous-delivery-director/7-0/en/troubleshooting/troubleshoot-saml-configuration#TroubleshootSAMLConfiguration-Whyareusermanagementpropertiesmissing )

     

    Outgoing claim type(Select or type to add more)

    Name ID

    EmailAddress

    Firstname

    LastName

     

     

    Is there a possibility to add a role in the SAML response attribute?

    We want that when a new user accesses CDD , he should get logged on with a default role.

     

     

    -Thanks,

    Saurabh

     

     

     

     

     

     

     




    Original Message


  • 4.  RE: CDD unable to fetch user first and last name while creating a new user via SAML

    Broadcom Employee
    Posted Jul 11, 2019 11:48 AM
    Edited by Gregg Stewart Jul 11, 2019 11:56 AM
    Hi Saurabh,
    I see that groups are assigned a default role of designer. But I don't see anything for users. I'm working on finding out. 
    Kind regards,
    Gregg



  • 5.  RE: CDD unable to fetch user first and last name while creating a new user via SAML
    Best Answer

    Broadcom Employee
    Posted Jul 11, 2019 01:20 PM
    Hi Saurabh,

    I received feedback from an expert on our side. He explains: 
    SAML is used for authentication and not for authorization.
    There isn't any possibility to pass a user "Role" attribute in the SAML response.
    You may create/import the users in advance and assign them to a specific group that has a Designer role in CDD.


    Kind regards,
    Gregg
    Original Message