Skip to main content

SSO: FAQs

Question Answer

Where do I find my SAML attributes values to populate in the User attribute fields?

Each IdP has its own interface for identifying what the attribute names are for the SAML response. Please reference your IdP documentation to better understand what the SAML attribute names are.

If you are referencing the XML SAML response from your IdP you will be looking for the value in the Name attribute of the <saml:Attribute> element. In the below example the attribute name email would be populated as the value for the CreditXpert Email user attribute when configuring the attribute mapping on the Configure SSO tab in the CreditXpert Platform.

<saml:AttributeStatement>
      <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">users</saml:AttributeValue>
        <saml:AttributeValue xsi:type="xs:string">examplerole1</saml:AttributeValue>
      </saml:Attribute>
</saml:AttributeStatement>

Does CreditXpert support IdP-initiated SSO?

No, CreditXpert currently only supports SP-initiated SSO. However, you can leverage bookmarks on your IdP dashboard if you want to give users access without requiring them to sign in through the CreditXpert Platform UI (see SAML session initiation in Amazon Cognito user pools - Amazon Cognito). The bookmark URL is provided inside the Platform under the Configure SSO tab in Company settings.

Do you have any additional documentation on how to integrate my IdP with AWS Cognito?

Yes! Please see Configuring your third-party SAML identity provider - Amazon Cognito for additional information on how to configure your IdP to support SSO with the CreditXpert Platform through AWS Cognito.

I enabled SSO but I’m having issues logging into the platform.

As a technical admin you can use the SSO bypass URL provided during set-up to log-in with the username/password created during registration. This will allow you to return the the Configure SSO tab in Company settings to make changes to your SSO set-up and troubleshoot any issue.

I received a test failed regarding “Invalid SAML response received: Invalid user attributes: email. The attribute is required”.image-20241015-151652.png

This error typically indicates that attributes/claims are not being mapped correctly between the IdP and the CreditXpert Platform.  This error indicates that the email is not being provided correctly in the SAML response but could also indicate that other attributes/claims are not configured correctly as well.

I received the error “Invalid SAML response received: Invalid phone number format”.

This indicates that the phone number attribute/claim value provided in the SAML response was not in the required format.  Please reference the attributes document

SSO: Attributes to verify the required format.

I received an error “Total character length of sourceProviderName, sourceAttributeName, and sourceAttributeValue can not exceed 128 characters” when trying to save the SSO configuration in the CreditXpert Platform.image-20241015-144530.png

This error indicates that the attribute/claim name for the email attribute is too long and needs to be shortened.
Was this article helpful?