SAML authentication mapping with unique identifier (ID) instead of user name
Currently, SAML authentication in Rosetta uses the user name for mapping to the IdP.
There is no guarantee that the user name is unique within one institution or that it does not get reused after a user has left the institution. This makes the user name field ambiguous.
It gets more problematic if users from more than one IdP want to authenticate to Rosetta. This happens in a consortium setup or when guest users are stored in a separate IdP. If authentication has to be set up with more than one IdP, the user name will no longer be unique and will cause problems with authentication.
Mapping between Rosetta users and the IdP should be done by the unique identifier known as uniqueID. This ID is by definition unique, even with multiple IdPs involved.
The concept of mapping via unique ID was used in PDS and is used in Alma.
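As an added illustration of the point above (example code written for this page, not Rosetta's or Ex Libris's implementation and not part of the original post): a small Python script parses three constructed SAML assertions that all carry the user name "lmueller" and resolves them to local user records, first keyed by user name and then by a uniqueID attribute scoped to the asserting IdP. The attribute names `uid` and `uniqueID`, the IdP entity IDs and the assertion contents are assumptions made for the example; the assertions are unsigned skeletons, so a real deployment must validate signature and conditions before trusting any attribute.

```python
# Added example: resolve a SAML assertion to a local user record keyed by a
# unique identifier instead of the user name. Not Rosetta/Ex Libris code;
# the attribute names "uid" and "uniqueID" and the IdP entity IDs are
# assumptions made for this illustration.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion skeleton (signature and conditions omitted; a real
# deployment validates both before trusting any attribute).
_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="{aid}" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">{aid}</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>{uid}</saml:AttributeValue></saml:Attribute>
    {extra}
  </saml:AttributeStatement>
</saml:Assertion>"""


def _unique_id_attr(value):
    return ('<saml:Attribute Name="uniqueID"><saml:AttributeValue>%s'
            '</saml:AttributeValue></saml:Attribute>' % value)


# Three constructed logins that all carry the user name "lmueller":
#   1. a member of institution A,
#   2. an unrelated guest asserted by a separate guest IdP,
#   3. a new person at A who was given the departed user's name.
SAMPLES = [
    _TEMPLATE.format(aid="_a1", issuer="https://idp.uni-a.example/shibboleth",
                     uid="lmueller", extra=_unique_id_attr("8f2c1e0a-a")),
    _TEMPLATE.format(aid="_b1", issuer="https://idp.guests.example/idp",
                     uid="lmueller", extra=_unique_id_attr("5d91b7c3-b")),
    _TEMPLATE.format(aid="_a2", issuer="https://idp.uni-a.example/shibboleth",
                     uid="lmueller", extra=_unique_id_attr("c04e77d2-a")),
]
# Constructed assertion without a uniqueID attribute: it must be rejected,
# not silently mapped by user name.
BROKEN = _TEMPLATE.format(aid="_x1", issuer="https://idp.uni-a.example/shibboleth",
                          uid="lmueller", extra="")


def parse_assertion(xml_text):
    """Return the issuer entityID and the attribute statement as name -> [values]."""
    root = ET.fromstring(xml_text)
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if not issuer:
        raise ValueError("assertion has no Issuer")
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return {"issuer": issuer, "attrs": attrs}


def _single(attrs, name):
    values = attrs.get(name, [])
    if len(values) != 1 or not values[0].strip():
        raise ValueError("expected exactly one non-empty %r attribute" % name)
    return values[0].strip()


def key_by_username(assertion):
    """Current mapping: the bare user name, ignoring which IdP asserted it."""
    return _single(assertion["attrs"], "uid")


def key_by_unique_id(assertion):
    """Proposed mapping: uniqueID scoped to the asserting IdP's entityID.
    Scoping adds nothing when the ID is already globally unique, but it
    stops one IdP from asserting an identifier that belongs to another."""
    return (assertion["issuer"], _single(assertion["attrs"], "uniqueID"))


def resolve_all(key_fn, samples=SAMPLES):
    """Map each assertion to a local record number, creating a record on
    first sight. The same number means the same local user."""
    records = {}
    result = []
    for xml_text in samples:
        key = key_fn(parse_assertion(xml_text))
        result.append(records.setdefault(key, len(records) + 1))
    return result


def accepts(key_fn, xml_text):
    """True if key_fn can derive a mapping key from the assertion."""
    try:
        key_fn(parse_assertion(xml_text))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("by user name:", resolve_all(key_by_username))   # [1, 1, 1]
    print("by uniqueID: ", resolve_all(key_by_unique_id))  # [1, 2, 3]
```

Keyed by user name, all three logins land on one local record, so the guest and the newly hired person both inherit the original user's account and permissions. Keyed by (issuer, uniqueID), each login gets its own record, and an assertion that lacks the identifier is refused rather than falling back to the ambiguous name.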

Included in 6.0
-
Hello Lars,
Thank you for reaching out. The issue is clear and is currently being discussed internally. I will let you know when it will be added to the roadmap.
Thank you,
Daniel