Hello all,
I have a question regarding the Subject Name Identifier in IAS.
I’ve been experimenting in my test environment and here's what I did:
- In Azure, I created a Claim employee_id=user.employee_id.
- In IAS, I set the Subject Name Identifier to Corporate Identity Provider=employee_id.
- The user was created in SAC/BTP with the User Name being the employee_id (User Name filed = 131414)
Then I changed the employee_id in Azure, but the user was still able to log in.
Only when I removed the email=user.email claim in Azure (ODIC), the user could no longer log in to BTP.
I thought the SNI was the main factor for identifying the user in the cloud app.
So, for example, if the user with SNI=234324 is sent to BTP, and only the user with SNI (User Name in Cloud App) 1111 exists in BTP, the user should no longer be able to log in – but this is not the case. It seems that, even though the setting in IAS - Subject Name Identifier=employee_id , the user is identified/found by the email address in BTP
Why is that? Or did I misunderstand the purpose of the Subject Name Identifier?
Do I understand it correctly that the Subject Name Identifier is always equal to the User Name in a cloud app (SNI = User Name in SAC)
Thank you very much.
Best Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.