The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Search the VMware Knowledge Base (KB)
View by Article ID
Using SSO in combination with LDAP integration in Socialcast (2035371)
Purpose
You can use SSO in combination with the LDAP integration feature of Socialcast. However, you must ensure that both features are configured with the correct mappings from the source directory.
This article provides information on the items that should be checked to prevent unintended issues arising during use.
Resolution
Field Mappings
Verify Unique Identifiers
In the SSO configuration, confirm that the attribute that is referenced for the Name ID claim matches the attribute that is referenced for the Company Login LDAP mapping. This is essential if SSO provisioning is used.
Note: SSO provisioning is enabled by default.
Verify E-mail Address
Confirm that the attribute that is referenced for the E-mail Address SSO claim also matches the E-Mail Address LDAP mapping.
User Filtering
The LDAP integration allows administrators to filter their directory for a subset of users based on a flexible array of criteria in the LDAP search filter. If you are using LDAP integration in conjunction with SSO, it is likely that this filtering is required on the SSO flow. If the filtering can be applied using group membership, VMware recommends you to use this method, so that the same filtering can be applied to the LDAP provisioning and the SSO sign-in. This allows you to take advantage of SSO provisioning.
If the same LDAP-defined restrictions cannot be applied to the IdP configuration, you may want to disable SSO provisioning for the community. For SocialcastĀ On Premise deployments, seeĀ Configuring SSO features for Socialcast On Premise (2035697).
