Sample SAML property-value pairs for My1Login

The following is a sample set of property-value pairs to put in a text file and supply to the SetupSAML.ps1 PowerShell script.

TokenIssuerCertThumbprint=new
TokenIssuerCertFriendlyName=Token Issuer Certificate
TokenIssuerCertPassword=password1
CoreServiceCertThumbprint=new
CoreServiceCertFriendlyName=Core Service Certificate
CoreServiceCertPassword=password2
CoreServiceType=Windows Service
TCM_Name=my1login
SamlAdminUser=my1login:test@example.com
issuer=https://idp.app.my1login.com/f3dd4629-a3e7-98f7-ef58-6f62a60e86cc
SP_Audience=spn:89b4021a-37af-4307-b8e5-2a6c3a655dfc
SP_AssertionConsumerServiceUrl=~/WebUI/
Name=https://idp.app.my1login.com/f3dd4629-a3e7-98f7-ef58-6f62a60e86cc
Description=My1Login
WantSAMLResponseSigned=true
OverridePendingAuthnRequest=true
SingleSignOnServiceUrl=https://app.my1login.com/Business/SAML/SSOService/8a674c99-6699-2f92-970b-978a9addf7f8
SingleLogoutServiceUrl=https://app.my1login.com/Business/
PartnerCertificateFile=my1LoginCert.cer

The following properties are optional:

uniqueNameClaimType=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

The line above instructs SDL Tridion Sites to set the UniqueName Claim to the value of the attribute called http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, rather than to the default, which is the value of NameID.

displayNameClaimType=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

The line above instructs SDL Tridion Sites to set the DisplayName Claim to the value of the attribute called http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname, rather than to the default, which is the value of the UniqueName Claim.

groupClaimType=http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

The line above is mandatory if you use the group mapping functionality. It instructs SDL Tridion Sites to set the GroupId Claim to the value of the attribute called http://schemas.microsoft.com/ws/2008/06/identity/claims/groups. There is no default, so a failure to set this property means group mapping will not work and the user will be denied access (if you use group mapping as a feature).
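
A pre-flight check for a property file like the one above, as an added example that is not part of the original page or of SDL Tridion Sites. The function name Test-SamlPropertyText, the -UsesGroupMapping switch and the rules applied are assumptions derived from the sample, and the input is constructed.

```powershell
# Added example: pre-flight check of a SetupSAML.ps1 property file.
# Test-SamlPropertyText and its rules are assumptions, not product code.
function Test-SamlPropertyText {
    param([string] $Text, [switch] $UsesGroupMapping)

    $props = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -notmatch '=') { continue }
        # Split on the first '=' only; a value may itself contain '='.
        $key, $value = $line -split '=', 2
        $props[$key.Trim()] = $value.Trim()
    }

    $findings = @()
    # A subset of the keys the sample lists before its optional section.
    $required = 'TokenIssuerCertThumbprint', 'CoreServiceCertThumbprint', 'TCM_Name',
                'SamlAdminUser', 'issuer', 'SP_Audience', 'SP_AssertionConsumerServiceUrl',
                'Name', 'SingleSignOnServiceUrl', 'PartnerCertificateFile'
    foreach ($k in $required) {
        if (-not $props[$k]) { $findings += "missing or empty: $k" }
    }
    # The sample passwords must not carry over into a real file.
    foreach ($k in 'TokenIssuerCertPassword', 'CoreServiceCertPassword') {
        if ($props[$k] -match '^password\d*$') { $findings += "$k still has a sample value" }
    }
    # The sample requires signed SAML responses; flag any other value.
    if ($props['WantSAMLResponseSigned'] -ne 'true') {
        $findings += 'WantSAMLResponseSigned is not true'
    }
    # Sign-on and logout endpoints should be https URLs, as in the sample.
    foreach ($k in 'SingleSignOnServiceUrl', 'SingleLogoutServiceUrl') {
        if ($props[$k] -and $props[$k] -notmatch '^https://') { $findings += "$k is not an https URL" }
    }
    # groupClaimType has no default, so group mapping fails without it.
    if ($UsesGroupMapping -and -not $props['groupClaimType']) {
        $findings += 'groupClaimType is not set but group mapping is in use'
    }
    return $findings
}

# Constructed input with deliberate problems (not a real configuration).
$sample = @'
TokenIssuerCertPassword=password1
WantSAMLResponseSigned=false
SingleSignOnServiceUrl=http://idp.example.test/sso
'@
Test-SamlPropertyText -Text $sample -UsesGroupMapping
```

To check a real file, pass its contents with -Text (Get-Content -Raw <path>) before running SetupSAML.ps1; an empty result means none of these rules fired.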