Ok, first issue:
- in any SSO system, there shouldn't be 'two' email Addresses for any users; but you are having that. "Email_Address" and "UID" are two 'unique' attributes being considered by any Security system.
Just thinking randomly...
If I were in your position, I would create two custom attributes ( one for Google, one for FreshService ), then map email addresses into those custom attribute, create two nameIDs with those two attributes. Release freshDesk based nameID to FreshDesk trust relationship, Release GoogleDoc based nameID to Google Trust relationship.
Then check various user-cases, see how things go.
There should be some elegant way to do that but to research more.. .need to invest more time and team effort ( i.e. using OIDC protocol for Google apps... or some custom script which would run at the time of login and decide who is logging ( student / teacher / staff / teacher + staff ) and perform whole authN / authZ accordingly etc.... .
>> the told me to use these instructions. (Webex) but the files mentioned attribute-resolver.xml.vm do no exist, can i make an empty file and add the items to it, or do i need to find a template to start with?
Custom nameIDs are [GUI](https://www.gluu.org/docs/gluu-server/4.2/admin-guide/saml/#nameid) based now, but you can also 'grab' those velocity templates.
Yes, they are not in stated location now. You have to explode identity.war, get them from another war etc...
Something like this:
- Get identity.war
- Extract it
- Go to WEB-INF/lib/ location
- You will get another jar named oxtrust-configuration-4.0.Final.jar
- Extract this jar and you will get those VM files.