AFAIK, SafeNet was never tried with generic (I would have known).
Also, there's no guarantee that it will work.
Please try these steps for your configuration:
General SAML IDP - how to configure with customer
- Configure the wizard
- Be aware that full sync isn’t supported.
- On the IDP side, use the URLs from the connectivity page in the IDP wizard (2 URLs must be configured, for Entity ID and reply URL (SSO))
- Try to configure the following claims:
  - nameId – email format
  - 'userId' – user object id in the IDP.
  - 'First Name' – user first name
  - 'Last Name' – user last name
  - 'email' – user email
  - 'groups' or 'urn:mace:dir:attribute-def:groups' as key, value should be the group name
If this still doesn't work, and it's a deal breaker, I will be able to join for a two-hour (maximum) session to try and help.
Please note, I had a similar session last week for KeyCloak over generic, but after two hours we still couldn't complete the relevant configuration.
Such cases are an example of why it cannot really be done online with a customer. IDP official support requires developer research that usually takes a few days, and therefore closing it in a session with a customer is less recommended (therefore I suggest allocating 2 hours max for that).
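
One way to check what the IDP actually sends against the claim list in the message above, as an added example that is not part of the original message or the product's own code. It assumes the claim keys are sent verbatim as SAML attribute `Name` values and that "email format" means the standard `emailAddress` NameID format; the sample assertion is constructed, and the script inspects claims only (no signature validation).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Claim names from the list above (assumed to be the attribute Name values).
REQUIRED = ["userId", "First Name", "Last Name", "email"]
GROUP_KEYS = ["groups", "urn:mace:dir:attribute-def:groups"]

# Constructed sample (unsigned); in practice paste an assertion from your own test login.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="userId"><saml:AttributeValue>0f3a-constructed-id</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="First Name"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups"><saml:AttributeValue>Admins</saml:AttributeValue><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_claims(assertion_xml):
    """Return a list of problems found in the assertion's claims."""
    root = ET.fromstring(assertion_xml)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    # Collect the non-empty values sent for each attribute name.
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"claim {name!r} missing or empty")
    if not any(attrs.get(k) for k in GROUP_KEYS):
        problems.append("no group claim with a group name as value")
    return problems


if __name__ == "__main__":
    for p in check_claims(SAMPLE) or ["all expected claims present"]:
        print(p)
```

The constructed sample deliberately omits 'Last Name', so the check reports that one claim; an empty result means every claim from the list arrived with a value.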