epegis

[Question] ARCGIS Online - Enterprise Login using simpleSAMLphp

Discussion created by epegis on May 12, 2014
Good Morning everyone,

I would like to know if somebody from this forum has experienced the problem described below and how they got it solved.

I am using simpleSAMLphp to authenticate with ARCGIS Online. Right now it is working, however, the following two concerns are happening:

1. I cannot use the "invitation required" option when I enabled it on ArcGIS Online. The reason is that the SAMLResponse adds an underscore and some wording at the end of NameID, no matter which AD attribute I pass through my IdP. For instance, I am passing the "mail" attribute but the authentication cannot be granted because the e-mail that I am sending once the user is authenticated (xxx@company.com) and the e-mail that I am using to send the invite (xxx@company.com) do not match. The problem is that there is an extra "_company" string attached at the end of the e-mail (that I am getting as a response from my IdP) so it is comparing against "xxxx@company.com_company" and of course, they are not the same. Any thoughts about what is going on and how can I fix this so the  extra "_company" is not added at the end of the response?

2. If I do not enable the "invitation required", I am able to log in (but still, the "_company" is added anyways). However, my concern here is that the givenName from my AD is not displayed correctly. On ARCGIS Online, instead of displaying my name (at the top right-hand side), it displays weird characters like "RXYmnql==". I verified the SAMLResponse and in fact, that weird string belongs to the givenName attribute but for some reason, it is not displayed on ARCGIS online properly. Do you have any suggestions on this as well?

I would appreciate your feedback on both questions and thank you so much in advance.

Outcomes