How You Identify the SAML Subject for Contact Login

For contacts, only IdP-initiated SSO is supported. The parameter used to identify the SAML subject contents must be passed to the openlogin controller as a GET parameter.

The format of the URL is:

your_site/ci/openlogin/saml/subject/SAML_subject

For example:

mysite.example.com/ci/openlogin/saml/subject/contact.emails.address

The subject value must be unique for single sign-on to succeed. For example, if email address sharing is enabled, more than one contact can have the same email address (even if the primary email address for one is the alternate email address of another), so you should not use the email address as the subject. A similar situation might occur with custom fields if multiple customers can have the same value for a contact custom field.

The parameter, named subject, is optional and defaults to contact.login. Its values include the following:

  • contact.emails.address—The assertion subject is the contact email address, and the value can be the contact’s primary email address or one of the alternate email addresses. The contact.emails.address value is case insensitive.
  • contact.id—The assertion subject is the contact ID in the Oracle database.
  • contact.login—The assertion subject is the contact login, which is the preferred mapping since it requires no lookup from the database. This is the default mapping value if subject isn't set. The contact.login value is case sensitive.
  • contact.customfields.[customfield-name]—The customfield-name variable is the actual name of the custom field in the database (as well as the name of the database column), and the assertion subject is the contact custom field value. The assertion subject is then passed to the API as CustomField and the name in the subject GET parameter is sent to the API as the CustomFieldName value. The c$ prefix is added if necessary.
Note: The custom field value is case insensitive. These contact custom field data types aren't supported for use in an assertion:
  • Menu
  • Yes/No
  • Date/Time
  • Date Field
  • Opt-in
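
The following added example (not Oracle code) audits a contact export for subject collisions before a mapping is chosen, applying the case rules listed above. The record layout, function names, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample contacts (hypothetical export shape, not an Oracle API format).
CONTACTS = [
    {"id": 101, "login": "jsmith", "emails": ["J.Smith@example.com"], "customfields": {"badge": "A17"}},
    {"id": 102, "login": "JSmith", "emails": ["ann@example.com", "j.smith@example.com"], "customfields": {"badge": "a17"}},
    {"id": 103, "login": "blee", "emails": ["blee@example.com"], "customfields": {"badge": "B22"}},
]

PREFIX = "contact.customfields."

def subject_keys(contact, subject="contact.login"):
    """Return the normalized values this contact would match for a subject mapping."""
    if subject == "contact.login":
        return [contact["login"]]                      # case sensitive
    if subject == "contact.id":
        return [str(contact["id"])]
    if subject == "contact.emails.address":
        return [e.lower() for e in contact["emails"]]  # primary or alternate, case insensitive
    if subject.startswith(PREFIX) and len(subject) > len(PREFIX):
        value = contact["customfields"].get(subject[len(PREFIX):])
        return [] if value is None else [str(value).lower()]  # case insensitive
    raise ValueError(f"unsupported subject mapping: {subject}")

def find_collisions(contacts, subject="contact.login"):
    """Map each subject value shared by more than one contact to the contact IDs."""
    owners = defaultdict(set)
    for c in contacts:
        for key in subject_keys(c, subject):
            owners[key].add(c["id"])
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}

def login_url(site, subject="contact.login"):
    """Build the IdP-initiated URL in the format shown above, rejecting unknown mappings."""
    subject_keys({"id": 0, "login": "", "emails": [], "customfields": {}}, subject)
    return f"{site}/ci/openlogin/saml/subject/{subject}"

if __name__ == "__main__":
    for subject in ("contact.login", "contact.emails.address", "contact.customfields.badge"):
        print(subject, find_collisions(CONTACTS, subject))
```

Any mapping for which find_collisions returns a non-empty result is unsuitable as the subject for that contact set.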