
OpenAM SAML2 Transient Federation and Persistent Federation


Is it applicable to configure an OpenAM service provider to support both SAML2 transient federation and persistent federation at the same time from different IdPs, and how can we configure this?

(Note: currently we do not store the user identity in the SP.)

Also, is it applicable to map different SAML assertion attributes in SAML responses coming from different IdPs to the same attribute in the OpenAM service provider if we implement both SAML2 transient federation and persistent federation?

Example: IDP1 sends the "user email" as “UserEmail” and IDP2 sends the "user email" as “email”.

How can we map this in our service provider?

Note: OpenAM version 13.0.0


Solution

  • Is it applicable to configure OpenAM service provider to support both SAML2 Transient federation and persistent federation at the same time from different IDP

    Yes, this is possible.

    how can we configure this?

    It may depend on the version of OpenAM you are using, so please provide the OpenAM version and which fork you are using, as there are several OpenAM forks.

    Also is it applicable to map different SAML Assertion Attribute in SAML response Coming from different IDP to the same attribute in OpenAM service provider if we implemented both SAML2 Transient federation and persistent.

    Yes, you can configure both mappings in the Attribute Map of the hosted SP (Assertion Processing tab in the OpenAM console). It does not depend on the NameID format being used.
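
A small model of the Attribute Map behaviour described in the answer above, added here as an illustration; it is not OpenAM's code and not part of the original post. It applies two map entries in the `assertion attribute=local attribute` form to two constructed, unsigned assertions, one with a transient NameID and one with a persistent NameID. The local attribute name `mail`, the sample values and the helper names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hosted SP Attribute Map entries: "assertion attribute=local attribute".
# The local attribute name "mail" is an assumption for this example.
ATTRIBUTE_MAP = ["UserEmail=mail", "email=mail"]

def assertion(nameid_format, attr_name, value):
    """Build a constructed, unsigned assertion (illustration only)."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:{nameid_format}">x1y2</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{attr_name}">
      <saml:AttributeValue>{value}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def map_attributes(assertion_xml, attribute_map=ATTRIBUTE_MAP):
    """Return (NameID format, {local attribute: [values]}) for one assertion."""
    mapping = dict(entry.split("=", 1) for entry in attribute_map)
    root = ET.fromstring(assertion_xml)
    nameid_format = root.find("saml:Subject/saml:NameID", NS).get("Format")
    local = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        target = mapping.get(attr.get("Name"))
        if target is None:
            continue  # this model skips attributes with no map entry
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        local.setdefault(target, []).extend(values)
    # The lookup above never consults the NameID format.
    return nameid_format.rsplit(":", 1)[-1], local

# Constructed sample input: IDP1 is transient, IDP2 is persistent.
IDP1 = assertion("transient", "UserEmail", "alice@idp1.example")
IDP2 = assertion("persistent", "email", "bob@idp2.example")

if __name__ == "__main__":
    for label, xml_doc in (("IDP1", IDP1), ("IDP2", IDP2)):
        print(label, map_attributes(xml_doc))
```
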