<ahref="http://www.cornerstoneondemand.com/"class="urlextern"title="http://www.cornerstoneondemand.com/"rel="nofollow">CornerStone On Demand (CSOD)</a> allows one to use <abbrtitle="Security Assertion Markup Language">SAML</abbr> to authenticate users. It works by default with IDP intiated mechanism, but can works with the standard SP initiated cinematic.
To work with <abbrtitle="LemonLDAP::NG">LL::NG</abbr> it requires:
</p>
<ul>
<liclass="level1"><divclass="li"> An enterprise account</div>
</li>
<liclass="level1"><divclass="li"><abbrtitle="LemonLDAP::NG">LL::NG</abbr> configured as <ahref="../idpsaml.html"class="wikilink1"title="documentation:2.0:idpsaml">SAML Identity Provider</a></div>
</li>
<liclass="level1"><divclass="li"> Registered users on CSOD with the same email than those used by <abbrtitle="LemonLDAP::NG">LL::NG</abbr> (email will be the NameID exchanged between CSOD and <abbrtitle="LemonLDAP::NG">LL::NG</abbr>)</div>
<h3class="sectionedit4"id="new_service_provider">New Service Provider</h3>
<divclass="level3">
<p>
You should have configured <abbrtitle="LemonLDAP::NG">LL::NG</abbr> as an <ahref="../idpsaml.html"class="wikilink1"title="documentation:2.0:idpsaml">SAML Identity Provider</a>,
</p>
<p>
Now we will add CSOD as a new <abbrtitle="Security Assertion Markup Language">SAML</abbr> Service Provider:
</p>
<ol>
<liclass="level1"><divclass="li"> In Manager, click on <abbrtitle="Security Assertion Markup Language">SAML</abbr> service providers and the button <code>New service provider</code>.</div>
</li>
<liclass="level1"><divclass="li"> Set csod as Service Provider name.</div>
</li>
<liclass="level1"><divclass="li"> Set <code>Email</code> in <code>Options</code> » <code>Authentication Response</code> » <code>Default NameID format</code></div>
</li>
<liclass="level1"><divclass="li"> Select <code>Metadata</code>, and unprotect the field to paste the following value:</div>
<divclass="noteimportant">Change <strong>mycompanyid</strong> (in <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) into your CSOD company ID and put the certificate value inside the ds:X509Certificate markup
See <ahref="../samlservice.html#security_parameters"class="wikilink1"title="documentation:2.0:samlservice">SAML security parameters</a> to know how generate a certificate from you <abbrtitle="Security Assertion Markup Language">SAML</abbr> private key.
</p>
</div>
<h4id="saml_assertion">SAML assertion</h4>
<divclass="level4">
<p>
You need to use the IDP initiated feature of <abbrtitle="LemonLDAP::NG">LL::NG</abbr>. Just call this <abbrtitle="Uniform Resource Locator">URL</abbr>: