SAML断言:Smartsheet中支持的索赔示例

适用于

内容
  • 企业

有关计划类型和包括的功能的详细信息,请参见内容的计划页面。

使用本文作为支持的声明和SAML断言示例的参考。

必需属性

为了成功的登录身份验证,持久性ID和电子邮件地址声明都需要传递到Smartsheet。这需要两个独立的声明,你会在下面找到更多的细节。

持续的ID-这可以被描述为一个身份中最不可能改变的属性。Smartsheet接受在NameID元素中编码的六种格式(其中一些在SAML 2.0标准中没有指定)。以下是我们支持的格式:

  • urn: oasis:名字:tc: SAML 1.1: nameid-format: emailAddress
  • urn: oasis:名字:tc: SAML 2.0: nameid-format:电子邮件
  • urn: oasis:名字:tc: SAML 2.0: nameid-format:持久
  • urn: oasis:名字:tc: SAML 2.0: nameid-format:不明
  • urn: oasis:名字:tc: SAML 1.1: nameid-format:不明
  • urn: oid: 1.3.6.1.4.1.5923.1.1.1.10

Smartsheet也可以接受不带NameID元素的断言,如果属性中有匹配以下属性的属性,则会从属性中提取一个Persistent ID值:

  • name = " eduPersonPrincipalName " nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format:基本”
  • name = " http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname "
  • name = "持续" nameFormat = " urn: oasis: names: tc: SAML: 2.0: nameid-format:持久”
  • name = " urn: oid: 1.3.6.1.4.1.5923.1.1.1.6”nameFormat = " urn: oasis:名字:tc: SAML: 2.0: attrname-format: uri”
  • name = " eduPersonPrincipalName " nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format: uri”

电子邮件地址-这是与Smartsheet帐户相关联的电子邮件地址。这相当于Smartsheet服务中的用户名。这必须是一个属性,不能从NameID元素中提取。以下是公认的格式:

  • name = "电子邮件" name = " http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress "
  • name = " emailAddress ", nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format:基本”
  • name = "电子邮件",nameFormat = " urn: oasis:名字:tc: SAML: 2.0: attrname-format:基本”
  • name = " saml_username ", nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format:基本”
  • name = " emailaddress ", nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format:未指明的“
  • name = " emailaddress " nameFormat = " http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress "
  • name = " urn: oid: 0.9.2342.19200300.100.1.3”,nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format: uri”
  • name = "邮件",nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format:基本”

可选属性

名字-与帐户相关的人的名字(名字)。以下是Smartsheet支持的格式:

  • name = " givenName " name = " http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname "
  • name = " givenname " nameFormat = " urn: oasis:名字:tc: SAML: 2.0: attrname-format:基本”
  • name = " given_name " nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format:基本”
  • name = " givenname " nameFormat = " http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname "
  • name = " givenname " nameFormat = " urn: oasis:名字:tc: SAML: 2.0: attrname-format:未指明的“
  • name = " urn: oid: 2.5.4.42”nameFormat = " urn: oasis:名字:tc: SAML: 2.0: attrname-format: uri”

-与帐户相关的人的姓氏(姓氏)。以下是Smartsheet支持的格式:

  • name = "姓"
  • name = " http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname "
  • name = "姓" nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format:基本”
  • name = " sur_name " nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format:基本”
  • name = "姓" nameFormat = " http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname "
  • name = "姓" nameFormat = " urn: oasis: names: tc: SAML: 2.0: attrname-format:未指明的“
  • name = " urn: oid: 2.5.4.4”nameFormat = " urn: oasis:名字:tc: SAML: 2.0: attrname-format: uri”

样本断言

在生成元数据时,必须使用上面给出的声明。

单击以下链接查看SAML响应断言的几个示例:
https://www.samltool.com/generic_sso_res.php

注意:这些示例仅用于说明目的,在Smartsheet中不起作用。元数据必须由IdP生成。