SAML Integrations
Choosing an Identity Provider
While our primary focus is on OpenID Connect (OIDC), we recently identified an issue affecting SAML integrations when multiple identity providers (IDPs) are selected. Specifically, selecting more than one IDP results in a duplicated payload.
To avoid this issue and ensure correct behavior, we have implemented a restriction that allows only one IDP to be selected at a time for SAML clients.
Custom Client ID
If your product requires a custom Client ID (also known as an Entity ID), please contact the Pathfinder SSO team. We can provision a custom Client ID upon request.
Reach out to us via:
Additional Roles Attribute
By default, upon successful authentication, client‑specific roles are returned in the client_roles attribute.
If your application cannot accept or process this attribute, please contact the Pathfinder SSO team via Email or Microsoft Teams Keycloak How-to Channel. We will work with you to identify a suitable workaround where possible.