The Env Organizational Identity Source Plugin is designed to pull attributes from environment variables, generally populated by web server authentication modules.

Modes

| Org Identity Source Mode | Support |
| --- | --- |
| Manual Search and Linking | Not supported |
| Enrollment, Authenticated | Supported |
| Enrollment, Claim | Not supported |
| Enrollment, Search | Not supported |
| Enrollment, Select | Not supported |

| Org Identity Sync Mode | Support |
| --- | --- |
| Full | Not supported |
| Query | Not supported |
| Update | Not supported |
| Manual | Not supported |



...

  • An environment variable must be mapped to Identifier (System of Record ID), which will serve as the unique key for the record.
  • In order for an identifier to be used for login to Registry, the Login box must be ticked for that identifier in the configuration.
    • Warning: The System of Record ID is not intended to be a login identifier, since it is a unique, persistent key. To use an identifier as both a System of Record ID and a login identifier, populate it into both the Identifier (System of Record ID) field and another Identifier field, such as Network or ePPN.
  • As a valid Organizational Identity requires a Primary Name, the environment variables should collect a name from the external identity provider in order for an Organizational Identity to be created. If the environment variable mapped to Given Name (Official) is empty, the value of the environment variable mapped to Identifier (System of Record ID) will be used. If the environment variable mapped to Family Name (Official) is empty, the value from the localization text pl.envsource.name.unknown is used (the localization texts for the plugin are found in the Lib/lang.php file under Plugin/EnvSource).
  • Warning: Be sure to click Save when presented with the initial configuration page, even if accepting the default environment variable names presented.


Info

Deployers using mod_auth_openidc for authentication must adjust the names of expected environment variables.

Duplicate Handling

Registry v4.1.0 adds duplicate handling capabilities when EnvSource is used as an Enrollment Source. There are three available modes:

...

Note

You may need to adjust the configuration of your web server authentication module, e.g. the Shibboleth SP, to ensure that the attributes for the authenticated user are put into the environment so that they can be consumed by Env Source. You may want to review the section "Integrate Web Server Authentication" at Registry Installation - Source.

Multi Value SAML Attributes Handling

Registry v4.3.0 adds multi-value SAML attribute parsing capabilities when EnvSource is used as an Enrollment Source. There are three available modes:

  • Shibboleth SP: The semicolon (;) delimiter will be used to break down the multi-value list
  • SimpleSamlPHP SP: The comma (,) delimiter will be used to break down the multi-value list
  • Other: This is the default behavior. When selected no multi-value processing will happen.


Note

Currently, only multi-value email attributes are supported.
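
The name fallback and multi-value rules described on this page, worked through as an added Python example (not EnvSource plugin code). The environment variable names, the sample values and the placeholder standing in for pl.envsource.name.unknown are constructed; rejecting a missing System of Record ID and trimming whitespace around values are choices of this example.

```python
# Added illustration, not EnvSource plugin code.
# Delimiter per multi-value mode, as listed above.
DELIMITERS = {"shibboleth": ";", "simplesamlphp": ",", "other": None}

# Hypothetical mapping of Registry attributes to environment variable names.
ENV_MAP = {
    "sorid": "EXAMPLE_SORID",
    "given": "EXAMPLE_GIVEN_NAME",
    "family": "EXAMPLE_FAMILY_NAME",
    "mail": "EXAMPLE_MAIL",
}
# Placeholder for the localized text pl.envsource.name.unknown.
UNKNOWN_NAME = "<pl.envsource.name.unknown>"


def split_multi(raw, mode):
    """Split a multi-value attribute according to the configured mode."""
    if not raw:
        return []
    delim = DELIMITERS[mode]
    if delim is None:  # "Other": no multi-value processing
        return [raw]
    # Trimming and dropping empty items is a choice of this example.
    return [v.strip() for v in raw.split(delim) if v.strip()]


def build_org_identity(env, mode="other"):
    """Apply the mapping and name fallback rules to one environment."""
    sorid = env.get(ENV_MAP["sorid"], "").strip()
    if not sorid:
        # Assumption: without the unique key there is no record to build.
        raise ValueError("no value for Identifier (System of Record ID)")
    return {
        "sorid": sorid,
        # Empty given name falls back to the System of Record ID.
        "given": env.get(ENV_MAP["given"], "").strip() or sorid,
        # Empty family name falls back to the localized "unknown" text.
        "family": env.get(ENV_MAP["family"], "").strip() or UNKNOWN_NAME,
        "emails": split_multi(env.get(ENV_MAP["mail"], ""), mode),
    }


# Constructed sample: a Shibboleth-style environment with two email values
# and no name attributes released by the identity provider.
SHIB_ENV = {
    "EXAMPLE_SORID": "a1b2c3@idp.example.org",
    "EXAMPLE_MAIL": "pat@example.org;pat.doe@dept.example.org",
}
```

Running `build_org_identity(SHIB_ENV, "other")` on the same input keeps the two addresses joined as a single email value, which is why the selected mode has to match the module that populates the environment.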

See Also