Infos:
Used Zammad version: 6.0.0-1691139038.c2b281b3.focal
Used Zammad installation type: ubuntu repo
Operating system: ubuntu focal
Browser + version: chrome on windows 11
Expected behavior:
all users which exist in LDAP should be automatically associated with SSO users login in via SAML if they have the same email.
Actual behavior:
only users which already logged in using SSO months before get associated witht heir LDAP user when logging in to Zammad using SSO.
Steps to reproduce the behavior:
my LDAP-settings:
(mailprimaryaddress and email is the same value in my LDAP)
givenname
firstname
sn
lastname
mailprimaryaddress
login
telephonenumber
phone
mail
email
my SAML setting:
NAME IDENTIFIZIERER FORMAT
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
UID ATTRIBUT-NAME
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Login using SAML → Results in new user with their email-address and a number like “2” after the email.
1 Like
@MrGeneration maybe you can check this?
Hi @letmesetupthis . Not sure if it’s related, but did you check the setting auth_third_party_auto_link_at_inital_login'
?
@fliebe92
hey there
yes, that’s already activated. sadly it still doesn’t work anymore.
I need to see if I can test this somehow. But this will take some time.
I could give you access to my Setup remotely. If I can share it via E-Mail.
This will not help because I cannot debug there etc.
I am experiencing this too -as an aside. A user is imported from LDAP correctly; their login is configured as email. The SAML-provided attribute is also email. The user is imported from LDAP with proper config and that part works. The same user SAML-ed has their email+1 added as a user and is created as a new user.
Looks like you are missing the mapping in the IDP of some fields: SAML — Zammad Admin Documentation documentation
Currently, the “email”-Field is needed for the detection of already existing users.
I verified my configuration. email is configured in my mappings:
authentik default SAML Mapping: Email
Capital E is correct there. It works like that with other SAML-Apps. And it actually was working roundabout a year ago.
Sorry but nobody is forcing you to use Zammad.
You seem to be constantly frustrated with it.
I’m sorry for that, but your comments are neither helping the situation nor will encourage people to like helping you more.
system
Closed
January 12, 2025, 2:24pm
13
This topic was automatically closed 360 days after the last reply. New replies are no longer allowed.