https://community.hpe.com/t5/hpe-morpheus-enterprise/assertion-attribute-role-mappings-for-saml/m-p/7247790#M964 <P>I just fixed using this solution. Role Mapping is working now.</P> <ASIDE class="quote quote-modified" data-post="1" data-topic="1895"> <DIV class="title"> <DIV class="quote-controls"></DIV> <IMG alt="" width="24" height="24" src="https://avatars.discourse-cdn.com/v4/letter/w/48db29/48.png" class="avatar" /> <A href="https://discuss.morpheusdata.com/t/keycloak-saml-sso-role-mapping/1895">Keycloak SAML SSO - Role Mapping</A> <A class="badge-category__wrapper " href="https://community.hpe.com/c/administration/14"><SPAN data-category-id="14" style="--category-badge-color: #c3e3f3; --category-badge-text-color: #FFFFFF;" data-drop-close="true" class="badge-category " title="The Administration category is focused on the administrative settings and concepts within the Morpheus platform. This includes groups, users, roles, tenants, policies, plans &amp; pricing, reporting, and others."><SPAN class="badge-category__name">Administration</SPAN></SPAN></A> </DIV> <BLOCKQUOTE> When using Keycloak as an identity source via SAML, a role mapper must be defined on the Keycloak client configured for Morpheus to map Keycloak roles to Morpheus roles. Keycloak <A class="lightbox" href="https://us1.discourse-cdn.com/flex020/uploads/morpheusdata1/original/2X/b/b78d74362a42cfffe327d3001e814114890a35f8.png" data-download-href="/uploads/short-url/qbMrknxccoE7eVYX0LF6c7Vm3Vu.png?dl=1" title="1" rel="noopener nofollow ugc">[1]</A> The ‘Role attribute name’ that is set on the mapper will need to be defined in Morpheus identity source settings and ‘Single Role Attribute’ needs to be ‘On’. <A class="lightbox" href="https://us1.discourse-cdn.com/flex020/uploads/morpheusdata1/original/2X/0/0ff645d95c35b04c69a2ca69a7a024f919a97af3.png" data-download-href="/uploads/short-url/2hcNy7IJlD9FfQUptbReKuM2Q5Z.png?dl=1" title="2" rel="noopener nofollow ugc">[2]</A> </BLOCKQUOTE> </ASIDE> Sun, 26 Jan 2025 06:55:41 GMT Niranpsk 2025-01-26T06:55:41Z https://community.hpe.com/t5/hpe-morpheus-enterprise/assertion-attribute-role-mappings-for-saml/m-p/7247789#M963 <P>I have SAML SSO as external identity sources working fine and looking for Assertion attribute for role mapping. SAML from identity source is passing values but i cant find the mapping name on the doc.</P> <P>From identity source;<BR /> …<BR /> &lt;saml:Attribute NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic” Name=“ROLE ATTRIBUTE NAME”&gt;<BR /> &lt;saml:AttributeValue xmlns:xsi=“<A href="http://www.w3.org/2001/XMLSchema-instance" rel="noopener nofollow ugc">http://www.w3.org/2001/XMLSchema-instance</A>” xsi:type=“xs:string”&gt;Admins&lt;/saml:AttributeValue&gt;<BR /> &lt;saml:AttributeValue xmlns:xsi=“<A href="http://www.w3.org/2001/XMLSchema-instance" rel="noopener nofollow ugc">http://www.w3.org/2001/XMLSchema-instance</A>” xsi:type=“xs:string”&gt;CMP Users&lt;/saml:AttributeValue&gt;<BR /> &lt;/saml:Attribute&gt;<BR /> &lt;saml:Attribute NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic” Name=“lastName”&gt;<BR /> …</P> <P>Morpheus SAML;<BR /> </P><DIV class="lightbox-wrapper"><span class="lia-inline-image-display-wrapper" image-alt="image"><img src="https://community.hpe.com/t5/image/serverpage/image-id/150239iF8E5DF32F917BA6C/image-size/large?v=v2&amp;px=2000" role="button" title="e087d03ad677bceaed208bca199323f1ec6118e3.png" alt="e087d03ad677bceaed208bca199323f1ec6118e3.png" /></span></DIV><P></P> <P>is there any guide / document to configure role mapping?</P> <P>Thanks.</P> Sat, 25 Jan 2025 23:24:01 GMT https://community.hpe.com/t5/hpe-morpheus-enterprise/assertion-attribute-role-mappings-for-saml/m-p/7247789#M963 Niranpsk 2025-01-25T23:24:01Z https://community.hpe.com/t5/hpe-morpheus-enterprise/assertion-attribute-role-mappings-for-saml/m-p/7247790#M964 <P>I just fixed using this solution. Role Mapping is working now.</P> <ASIDE class="quote quote-modified" data-post="1" data-topic="1895"> <DIV class="title"> <DIV class="quote-controls"></DIV> <IMG alt="" width="24" height="24" src="https://avatars.discourse-cdn.com/v4/letter/w/48db29/48.png" class="avatar" /> <A href="https://discuss.morpheusdata.com/t/keycloak-saml-sso-role-mapping/1895">Keycloak SAML SSO - Role Mapping</A> <A class="badge-category__wrapper " href="https://community.hpe.com/c/administration/14"><SPAN data-category-id="14" style="--category-badge-color: #c3e3f3; --category-badge-text-color: #FFFFFF;" data-drop-close="true" class="badge-category " title="The Administration category is focused on the administrative settings and concepts within the Morpheus platform. This includes groups, users, roles, tenants, policies, plans &amp; pricing, reporting, and others."><SPAN class="badge-category__name">Administration</SPAN></SPAN></A> </DIV> <BLOCKQUOTE> When using Keycloak as an identity source via SAML, a role mapper must be defined on the Keycloak client configured for Morpheus to map Keycloak roles to Morpheus roles. Keycloak <A class="lightbox" href="https://us1.discourse-cdn.com/flex020/uploads/morpheusdata1/original/2X/b/b78d74362a42cfffe327d3001e814114890a35f8.png" data-download-href="/uploads/short-url/qbMrknxccoE7eVYX0LF6c7Vm3Vu.png?dl=1" title="1" rel="noopener nofollow ugc">[1]</A> The ‘Role attribute name’ that is set on the mapper will need to be defined in Morpheus identity source settings and ‘Single Role Attribute’ needs to be ‘On’. <A class="lightbox" href="https://us1.discourse-cdn.com/flex020/uploads/morpheusdata1/original/2X/0/0ff645d95c35b04c69a2ca69a7a024f919a97af3.png" data-download-href="/uploads/short-url/2hcNy7IJlD9FfQUptbReKuM2Q5Z.png?dl=1" title="2" rel="noopener nofollow ugc">[2]</A> </BLOCKQUOTE> </ASIDE> Sun, 26 Jan 2025 06:55:41 GMT https://community.hpe.com/t5/hpe-morpheus-enterprise/assertion-attribute-role-mappings-for-saml/m-p/7247790#M964 Niranpsk 2025-01-26T06:55:41Z