Hello,
We’re currently working on setting up a connection between Zscaler Cloud and RCDevs as the IdP. Our configuration is a bit unique since the internal domain differs from the authentication domain. Due to this setup, we need to perform an assertion transformation to ensure seamless integration.
We have tried utilizing the Domain Mapping feature, but it still results in an error. I’d appreciate any guidance on how RCDevs handles domain mapping. Specifically, is the domain mapping done through some form of transformation process, or is there an alternate way to map an internal domain to the authentication domain?
Thanks in advance for any insights or advice!
Hello Spyridon,
Thank you for your efforts on this integration. I've attached a visualization that may help clarify the setup.
Here’s a breakdown of the current configuration and the issue we are encountering:
Authentication Domain Setup: The customer has an authentication domain in Zscaler (something-else.com). When the user initiates a login, the Zscaler endpoint agent forwards a SAML request to RCDevs.
Domain Mismatch for SSO: The customer’s domain in RCDevs is configured as something.com. For seamless SSO functionality, we require a transformation on the return statement so that the user ID changes from us...@something.com to us...@something-else.com as it is processed back by Zscaler.
Transformation Implementation: We have implemented the necessary transformation in the domainID field within RCDevs to account for this domain change.
Issue on Logon Flow: Despite the transformation setup, an error is encountered when the user goes through the login flow. This suggests there may be an additional configuration or an underlying compatibility issue that’s causing the process to fail.
Could you please help us investigate further into what might be causing this error in the logon flow? Any insights or additional configurations to review would be much appreciated.
Thank you for your assistance.
Best,
Nabil
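Added example, not part of the original thread and not RCDevs or Zscaler code: a small Python check for the domain mismatch described above, which decodes a captured SAMLResponse and reports whether the Subject NameID carries the domain the service provider expects. It assumes the HTTP-POST binding (a base64-encoded, non-deflated response) and a NameID in user@domain form; the user jdoe and the sample responses are constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_nameid_domain(saml_response_b64, expected_domain):
    """Inspect a captured SAMLResponse; return (ok, name_id, reason).

    Diagnostic only: it does not validate the signature, so use it on
    responses captured from your own test logins.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        return False, None, "IdP did not return a Success status"
    if root.find("saml:EncryptedAssertion", NS) is not None:
        return False, None, "assertion is encrypted; decrypt it before inspecting"
    node = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    name_id = (node.text or "").strip() if node is not None else ""
    if not name_id:
        return False, None, "no NameID in the assertion Subject"
    local, sep, domain = name_id.rpartition("@")
    if not sep or not local or not domain:
        return False, name_id, "NameID is not in user@domain form"
    if domain.lower() != expected_domain.lower():
        return False, name_id, f"NameID domain is {domain}, expected {expected_domain}"
    return True, name_id, "NameID domain matches"

def sample_response(name_id):
    """Build a constructed, unsigned SAMLResponse carrying the given NameID."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           '<samlp:Status><samlp:StatusCode '
           'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
           f'<saml:Assertion><saml:Subject><saml:NameID>{name_id}</saml:NameID>'
           '</saml:Subject></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # jdoe is a constructed user; the domains are the ones used in the thread.
    for nid in ("jdoe@something.com", "jdoe@something-else.com"):
        print(check_nameid_domain(sample_response(nid), "something-else.com"))
```

Running it against a response captured with the browser's developer tools shows whether the transformation was applied before the assertion left the IdP, which separates a mapping problem from a problem on the service provider side.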
Dear Spyridon,
After some time, we’ve successfully set things up—thank you for your support.
We’re now working to enable seamless SSO but have encountered some issues. Let me outline the intended flow:
While SAML authentication and provisioning are working, users are being prompted to authenticate with Zscaler via RCDevs each time, which is unexpected. No direct error messages are shown.
Could you confirm if RCDevs can seamlessly capture authentication data from AD during Windows login and pass it along in this manner?
Looking forward to your guidance.
Best regards,
Nabil