Custom SAML apps

Currently, Bravas has limited support for custom SAML apps. We are actively working to extend that support.

For now, Bravas only supports custom SAML for service providers that have properly implemented SAML following the whole standard, supporting both SAML Metadata and standard identity attributes.

To add a custom SAML app, look for the SAML Metadata app in the list of available templates.

Metadata

SAML Metadata is an XML file exposed at an always up-to-date HTTPS URL, allowing the IdP and the SP to stay updated automatically.

To integrate Bravas with a custom SAML Service Provider, you will need them both to expose their metadata via a URL and to accept ours as a URL too.

While you can, if needed, read our metadata and manually enter its values into an SP that does not support a metadata URL, you will not be able to add to Bravas an SP that does not expose a clean metadata file (and we recommend that you open a support request with them and ask for clean support of SAML).

Mapping

Regarding mapping, custom SAML apps in Bravas support the InCommon Federation Attribute schema.

We also added some commonly "invented" attribute names to ease integration with non-standard SAML implementations.

It is important to understand that identities in an information system should follow a formal, universally accepted data schema, and a lot of work already exists on that topic.

If your SAML Service Provider decided to invent something different that works neither with the state-of-the-art URI-based schema nor with the most commonly "invented" attributes we include, we recommend that you ask them to do better.

Attributes in the SAML Response

The following table lists the attributes in the SAML Response that you can use, with both the recommended attribute names (URI-based) and the extended-support names (the usual human-readable attribute names).

When using URI, the NameFormat will be urn:oasis:names:tc:SAML:2.0:attrname-format:uri, and for alternatives it will be urn:oasis:names:tc:SAML:2.0:attrname-format:basic.

NameID will be a UUID typed as urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.

| Friendly Name | URI | Alternative names |
| --- | --- | --- |
| Display Name | urn:oid:2.16.840.1.113730.3.1.241 | displayName |
| Surname | urn:oid:2.5.4.4 | surname, lastname |
| Given Name | urn:oid:2.5.4.42 | givenName, firstname |
| E-mail Address | urn:oid:0.9.2342.19200300.100.1.3 | email |
| Title | urn:oid:2.5.4.12 | title |
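
As an added example (not Bravas code), this is one way a service provider could normalize the attributes listed above, accepting a URI name or an alternative name only under the NameFormat stated on this page. The sample assertion, its values and the map_identity helper are constructed for illustration, and the code assumes the assertion has already been validated by a SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Table from this page: friendly name -> (URI name, alternative names).
ATTRIBUTES = {
    "Display Name": ("urn:oid:2.16.840.1.113730.3.1.241", ["displayName"]),
    "Surname": ("urn:oid:2.5.4.4", ["surname", "lastname"]),
    "Given Name": ("urn:oid:2.5.4.42", ["givenName", "firstname"]),
    "E-mail Address": ("urn:oid:0.9.2342.19200300.100.1.3", ["email"]),
    "Title": ("urn:oid:2.5.4.12", ["title"]),
}
# Key on (NameFormat, Name) so a name only matches under its stated format.
LOOKUP = {(FMT + "uri", uri): f for f, (uri, _) in ATTRIBUTES.items()}
LOOKUP.update({(FMT + "basic", a): f
               for f, (_, alts) in ATTRIBUTES.items() for a in alts})

# Constructed sample assertion (not captured from Bravas); values are made up.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:NameID Format="{PERSISTENT}">00000000-0000-4000-8000-000000000001</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="{FMT}uri"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastname" NameFormat="{FMT}basic"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="{FMT}uri"><saml:AttributeValue>ada@example.org</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="department" NameFormat="{FMT}basic"><saml:AttributeValue>R&amp;D</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def map_identity(assertion_xml):
    # Mapping only: signature, issuer, audience and validity checks must
    # already have passed in a real SAML library before this is called.
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        raise ValueError("expected a persistent NameID")
    identity, unknown = {"NameID": (name_id.text or "").strip()}, []
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        friendly = LOOKUP.get((attr.get("NameFormat"), attr.get("Name")))
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        if friendly is None:
            unknown.append(attr.get("Name"))  # not in the table: report, do not map
        elif identity.setdefault(friendly, values) != values:
            raise ValueError(f"conflicting values for {friendly}")
    return identity, unknown

if __name__ == "__main__":
    print(map_identity(SAMPLE))
```

Attributes outside the table are returned separately rather than mapped, so an SP sending non-standard names shows up as a visible gap instead of a silently missing field.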

Planned evolution

Rest assured that we are also working on improvements to Bravas that will let you compensate for improper SAML SP integrations, through a more advanced experience in Bravas for fine-tuning the needed mapping and manually entering what should come from metadata.