SAML Sign On
Prolaborate V5 is SP initiated or IDP initiated?
Prolaborate V5 supports Service Provider (SP) initiated SAML logins. It will not support if SAML login is IDP initiated.
Why Prolaborate support SP Initiated flow?
In Prolaborate V5 the reason why we opted for SP-initiated is because of security reasons. As IDP-initiated authentication is inherently less secure than SP-initiated authentication because the Service Provider is receiving an unsolicited authentication request from the Identity Provider, and there’s no way for the Service Provider to detect if the request has been spoofed or hacked by an unauthorized user. Stealing a SAML Assertion in this way is called a “man in the middle” attack.
Authentication flows that begin with the Service Provider are inherently more secure than those that begin with an Identity Provider. Hence we developed Prolaborate V5 in such a way to follow the SP-initiated (Service Provider initiated) flow for the SSO login
Can the same SAML SSO Account be used for Prolaborate and EA?
When it comes to user management, the best option is to integrate EA and Prolaborate with a Single Sign On (SSO) tool to enable users who need both EA and Prolaborate to login with the same credentials.
Why user entries Duplicated in User Management?
If user migrated their Prolaborate application from version 3 to version 5.x and facing issues like Duplicate User Entries in User management in ADFS SAML configuration means they need to do some changes in ADFS configuration in prolaborate.
Need to Copy paste the below mentioned URL in respective Attribute mapping fields.
| First Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
| Last Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
Restart the Prolaborate Service.
Now check the login with SAML user.
