Claudius
2 years ago

Adding SSO attributes and accessing them in components

We are trying to expose additional user information in Community via our SSO attributes. This could be pieces of information like customer status, licensing information or similar. I'm currently struggling to find some clear instructions on what is necessary to expose these SSO attributes and access them via Freemarker custom components in Khoros Community Classic.

I've started reading the SSO Guide from "About Khoros Single Sign-On (SSO)" and this includes documentation on how to populate existing Khoros user profile fields via passing profile.* attributes or roles.grant for assigning Khoros roles. Couldn't find any details about passing custom attribute fields though.

An older discussion, "Accessing attributes passed via SSO", was asking about accessing SSO attributes, but ended up only covering how to access SSO id.
Another conversation, "How to pass parameters to Lithium when doing SSO", mentions custom profile fields, but unfortunately, not any more information on how to set them up and how to populate them via SSO.
I did come across a rather promising response in "Attributes that I can set/send in the SSO process" by the one and only DougS, but the same SSO Guide documentation he is referencing doesn't explain custom attributes different to "profile.*".

So my questions for the Khoros experts:

  1. When adding SSO attributes can I directly access them in Freemarker?
  2. Is there any action by Khoros support (or worse: Professional Services) necessary?

  • https://community.khoros.com/t5/Khoros-Community-Product/Using-SSO-Single-Sign-on-with-SAML-assertion-with-Custom-profile/m-p/628902

    I have no idea if that will help at all, but I tried to document the nightmare when we went through this using Okta. Make sure when creating the custom attributes that you specifically tell Khoros they need to be accessible via the API, otherwise they won't be (I still don't know what it is, but there is a "specificValue" clause as well that we always tell Support to ensure is set to 'allow' - it's come up in our custom attribute tickets before).

    • Claudius
      Boss

      Thanks Stan. Your guide is such a great starting point for a developer guide that Khoros should have 🙂 Although we don't use Okta this documentation helps to ask the right questions with support.

      Thanks Syed for the additional hint to check SAML SSO admin at Admin -> Features -> SAML SSO -> Assertion Mapping (Navigation tab): /t5/bizapps/page/tab/community%3Aadmin%3Afeatures%3Acommon.feature.samlss%3Asaml-sso-admin-mapping

      NB: If this admin features page is not available on your community then most likely you are using a different SSO setup. Best to clarify with Khoros support.

  • Hi Claudius, the specific requirements would vary based on the SSO you use.
    If you are using a Self-Serve option, like SAMLSS, you would only need assistance from Support in creating a custom field. This custom field is necessary for the Identity Provider (IdP) to transmit the required information.

    Any other SSO would likely need a Services engagement. You can start by filing a Support ticket so the support team can determine whether it's within Support's scope.