Hello everyone, I need help with the correct setup of single sign-on via Azure SAML.
There are customer users in the local database on our Znuny 6 LTS server with a user name like "company_lastname" and a stored e-mail address.
With SAML, it should no longer be possible to log in with the user name, but only with the e-mail address as this is the unique identifier in Azure.
Is it even possible for Znuny to allow a customer user to log in via SAML with their e-mail address + password instead of username + password? If not, this would mean that the user name would have to be changed to the e-mail address for all customer users, right?
So far I have configured the Apache module mod_mellon so that the customer web interface under /customer.pl redirects to Microsoft correctly. If a customer user now tries to log in, a message appears "Authentication succeeded, but no customer record is found in the customer backend. Please contact the administrator."
Otherwise, could this just be a mapping problem?
Thanks in advance
Code:
/etc/httpd/conf.d/auth_mellon.conf
Code:
<Location />
    MellonEnable "info"
    MellonEndpointPath "/mellon"
    MellonSPMetadataFile "/etc/httpd/mellon/mellon_metadata.xml"
    MellonSPPrivateKeyFile /etc/httpd/mellon/mellon.key
    MellonSPCertFile /etc/httpd/mellon/mellon.crt
    MellonIdPMetadataFile /etc/httpd/mellon/idp_metadata.xml
</Location>

<LocationMatch /customer.pl>
    AuthType Mellon
    MellonEnable auth
    Require valid-user
    MellonDecoder "none"
    MellonVariable "cookie"
    MellonSecureCookie On
    MellonUser "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
</LocationMatch>
Statistics: Posted by Charburner — 08 Jul 2024, 16:37 — Replies 3 — Views 83