Procedure 6: Modify Zscaler Metadata – HID Zscaler and ActivID AS using SAML User Manual

ActivID Appliance and Zscaler Web Security | SAML 2.0 Channel Integration Handbook
External Release | © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
2.6 Procedure 6: Modify Zscaler Metadata
Zscaler must be able to attribute values within the response to an authentication request before it can authorize
access via the Internet. You can configure these attributes for the ActivID Appliance.
Note: The ActivID Appliance IDP only returns the configured attribute values within the assertion if
the Zscaler SAML Authentication request contains a reference to the index. That is why it is
necessary to add this attribute (isDefault="true") in the Zscaler metadata.
The following snippets are examples for the attributes mail, group, and name:

isDefault="true">
readable identifier and optional name and e-mail address.
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
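A check for the edited metadata, given here as an added example and not taken from the HID handbook: it confirms that one AttributeConsumingService carries isDefault="true" and that it requests the three claim attributes with the URI name format. The md: element names follow the SAML 2.0 metadata schema; the entityID, index and ServiceName in the sample are constructed placeholders, and the whitespace check is a conservative assumption for consumers that compare attribute names as plain strings.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
EXPECTED = {CLAIMS + n for n in ("emailaddress", "name", "group")}

# Constructed, trimmed sample: entityID, index and ServiceName are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="sp.example.invalid">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AttributeConsumingService index="1" isDefault="true">
   <md:ServiceName xml:lang="en">placeholder</md:ServiceName>
   <md:RequestedAttribute Name="{CLAIMS}emailaddress" NameFormat="{URI_FORMAT}"/>
   <md:RequestedAttribute Name="{CLAIMS}name" NameFormat="{URI_FORMAT}"/>
   <md:RequestedAttribute Name="{CLAIMS}group" NameFormat="{URI_FORMAT}"/>
  </md:AttributeConsumingService>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_metadata(xml_text):
    """Return a list of problems; an empty list means every check passed."""
    # Assumes a locally held, trusted metadata file; this is not a hardened parser.
    root = ET.fromstring(xml_text)
    services = root.findall(".//md:AttributeConsumingService", NS)
    if not services:
        return ["no AttributeConsumingService element"]
    problems = []
    # xs:boolean accepts "true" and "1"; anything else is treated as not default.
    defaults = [s for s in services if s.get("isDefault") in ("true", "1")]
    if len(defaults) != 1:
        problems.append(f'expected one isDefault="true" service, found {len(defaults)}')
    for svc in defaults or services:
        seen = set()
        for attr in svc.findall("md:RequestedAttribute", NS):
            name, fmt = attr.get("Name", ""), attr.get("NameFormat", "")
            # Padding inside the quotes can defeat exact string comparison.
            if name != name.strip() or fmt != fmt.strip():
                problems.append(f"stray whitespace in {name!r}")
            if fmt.strip() != URI_FORMAT:
                problems.append(f"unexpected NameFormat for {name.strip()!r}")
            seen.add(name.strip())
        for missing in sorted(EXPECTED - seen):
            problems.append(f"missing RequestedAttribute {missing}")
    return problems


if __name__ == "__main__":
    print(check_metadata(SAMPLE) or "metadata OK")
```
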