A number of SAML claims are used to transmit information from ADFS to EAM. Each SAML claim will be configured in both ADFS and EAM. The name of the claim in EAM and ADFS must match exactly, including case.
On the EAM side, these claims will be specified in the SSO yaml configuration file, discussed in the HxGN EAM Single Sign-On Guide.
The following table lists recommended SAML claim names. These are only suggestions; any SAML claims may be used provided they fulfill the relevant function in EAM. For example, the primaryroleattribute in the yaml configuration specifies a SAML claim whose value is the name of an EAM role. If some other SAML claim will return the name of an existing EAM role, then that claim can be used instead of the claim given below.
| EAM yaml field | Name of SAML Claim |
|---|---|
| Userattribute | http://schemas.infor.com/claims/Identity |
| Primaryroleattribute | http://schemas.infor.com/claims/SecurityRole |
| Internaluserattribute | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn |
| Emailattribute | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
In the ensuing text, the above SAML claim names are used as examples. If different SAML claims are selected, the examples can simply be modified accordingly.
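Because the claim names must match exactly, including case, it helps to check the attributes in an issued assertion against the names configured in EAM. The following is an added example, not part of the EAM or ADFS documentation: the sample assertion, its values, and the `check_claims` helper are constructed for illustration, and the expected names are those from the table above.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# EAM yaml field -> SAML claim name, copied from the table above.
EXPECTED_CLAIMS = {
    "Userattribute": "http://schemas.infor.com/claims/Identity",
    "Primaryroleattribute": "http://schemas.infor.com/claims/SecurityRole",
    "Internaluserattribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "Emailattribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}

# Constructed sample: one claim is issued in the wrong case (securityrole)
# and the e-mail claim is not issued at all.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.infor.com/claims/Identity"><saml:AttributeValue>JSMITH</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.infor.com/claims/securityrole"><saml:AttributeValue>EAM-PLANNER</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"><saml:AttributeValue>jsmith@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_claims(assertion_xml, expected=EXPECTED_CLAIMS):
    """Return {yaml_field: status}; status is 'ok', 'empty', 'missing',
    or 'case-mismatch: <issued name>'."""
    root = ET.fromstring(assertion_xml)
    issued = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        issued[attr.get("Name", "")] = values
    by_lower = {name.lower(): name for name in issued}
    report = {}
    for field, claim in expected.items():
        if claim in issued:
            # Exact, case-sensitive match; a claim without a value is still unusable.
            report[field] = "ok" if any(v.strip() for v in issued[claim]) else "empty"
        elif claim.lower() in by_lower:
            # Same name in a different case: the two sides will not match.
            report[field] = "case-mismatch: " + by_lower[claim.lower()]
        else:
            report[field] = "missing"
    return report


if __name__ == "__main__":
    for field, status in check_claims(SAMPLE_ASSERTION).items():
        print(f"{field:24} {status}")
```

When checking an assertion captured from a real sign-in rather than a constructed sample, parse it with a hardened XML parser such as `defusedxml`.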