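Use this article as a reference for supported claims and SAML assertion examples.
Required attributes
For login authentication to succeed, both a persistent ID claim and an email address claim must be passed to Smartsheet. This requires two separate claims; more detail on each follows.
Persistent ID - this can be described as the attribute of an identity that is least likely to change. Smartsheet accepts six formats encoded in the NameID element (some of which are not specified in the SAML 2.0 standard). The formats we support are: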
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:2.0:nameid-format:email
- urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
- urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- urn:oid:1.3.6.1.4.1.5923.1.1.1.10
Smartsheet can also accept an assertion without a NameID element. In that case it extracts a Persistent ID value from the attributes, provided one of them matches any of the following:
- name="eduPersonPrincipalName" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
- name="persistent" nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
- name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
- name="eduPersonPrincipalName" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Email address - this is the email address associated with the Smartsheet account. It is the equivalent of the username in the Smartsheet service. It must be an attribute; it cannot be extracted from the NameID element. The following formats are accepted:
- name="email" name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- name="emailAddress", nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name="email", nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name="saml_username", nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name="emailaddress", nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
- name="emailaddress" nameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- name="urn:oid:0.9.2342.19200300.100.1.3", nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
- name="mail", nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
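The two required claims can be checked on an assertion captured from your IdP before you test the login. The following is an added example, not Smartsheet code: the function names and the `SAMPLE` assertion are constructed, and matching attributes by exact Name and NameFormat is an assumption about how the lists above are applied. The list entry that carries two name values is read as two alternative names with no NameFormat.

```python
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID = "urn:oasis:names:tc:SAML:{}:nameid-format:{}"
ATTR = "urn:oasis:names:tc:SAML:2.0:attrname-format:"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
NAMEID_FORMATS = {  # the six NameID formats listed above
    NAMEID.format("1.1", "emailAddress"), NAMEID.format("2.0", "email"),
    NAMEID.format("2.0", "persistent"), NAMEID.format("2.0", "unspecified"),
    NAMEID.format("1.1", "unspecified"), "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
}
# (Name, NameFormat) pairs; None means the list gives no NameFormat for that name.
ID_ATTRS = {
    ("eduPersonPrincipalName", ATTR + "basic"), ("eduPersonPrincipalName", ATTR + "uri"),
    ("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", None),
    ("persistent", NAMEID.format("2.0", "persistent")), ("urn:oid:1.3.6.1.4.1.5923.1.1.1.6", ATTR + "uri"),
}
EMAIL_ATTRS = {
    ("email", None), (CLAIMS + "emailaddress", None), ("emailAddress", ATTR + "basic"),
    ("email", ATTR + "basic"), ("saml_username", ATTR + "basic"), ("mail", ATTR + "basic"),
    ("emailaddress", ATTR + "unspecified"), ("emailaddress", CLAIMS + "emailaddress"),
    ("urn:oid:0.9.2342.19200300.100.1.3", ATTR + "uri"),
}
# Constructed sample assertion (not real IdP output).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">u-1001</saml:NameID>
</saml:Subject><saml:AttributeStatement>
<saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""

def _has_attr(root, accepted):
    for a in root.iterfind(".//saml:Attribute", NS):
        value = a.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
        key = (a.get("Name"), a.get("NameFormat"))
        if value and (key in accepted or (key[0], None) in accepted):
            return True
    return False

def missing_required_claims(xml_text):
    """Return the required claims an assertion lacks; [] means both are present."""
    root = ET.fromstring(xml_text)
    nameid = root.find(".//saml:NameID", NS)
    # Assumption: a NameID only counts with a non-empty value and an explicit Format.
    has_id = (nameid is not None and bool((nameid.text or "").strip())
              and nameid.get("Format") in NAMEID_FORMATS)
    missing = []
    if not (has_id or _has_attr(root, ID_ATTRS)):
        missing.append("persistent_id")
    if not _has_attr(root, EMAIL_ATTRS):  # email must be an attribute, never NameID
        missing.append("email")
    return missing
```

This is a setup-time check on assertions from your own IdP; it does not verify signatures, conditions or audience and does not replace the service provider's validation.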
Optional attributes
Given name - the first name of the person associated with the account. Smartsheet supports the following formats:
- name="givenName" name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- name="givenname" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name="given_name" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name="givenname" nameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- name="givenname" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
- name="urn:oid:2.5.4.42" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Surname - the last name (family name) of the person associated with the account. Smartsheet supports the following formats:
- name="surname"
- name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- name="surname" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name="sur_name" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name="surname" nameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- name="surname" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
- name="urn:oid:2.5.4.4" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
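Sample assertions
When generating the metadata, the claims given above must be used.
Click the following link to see several examples of SAML response assertions:
https://www.samltool.com/generic_sso_res.php
Note: these examples are for illustration only and will not work in Smartsheet. The metadata must be generated by the IdP.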