SAML (Security Assertion Markup Language) is an open standard and XML-based markup language for exchanging authentication and authorization information between parties, known as service providers and identity providers.
Questions tagged [saml]
100 questions
0 votes, 1 answer
Unable to setup SAML with internal IdP (SP is checking for valid URL)
I've been reading through the various ways to configure an IdP/SP relationship and going back and forth with a vendor I'm setting up our IdP to authenticate with. We've exchanged metadata and the essentials like Entity ID and login URLs, but when I go…

ceskib
0 votes, 0 answers
Can ADFS present one IDP to SAML SP, but authenticate against multiple AD servers on the back end?
Summary
Can ADFS present one IDP to a SAML Service Provider (SP), but authenticate against multiple AD servers on the back end?
Context
Here's the use case:
Company Foo has bought company Bar
They plan to fully integrate/combine their…

user50460
0 votes, 1 answer
ADFS Client Certificate Authentication
I have ADFS in my environment and it's currently authenticating via Active Directory perfectly fine. I'm trying to enable certificate authentication so they can authenticate with their smart cards. Currently, the smart cards are imported into their…

Mlsracer
0 votes, 0 answers
AD FS SP forcing custom AuthnRequest
AD FS Error:
Exception details: Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.UnknownAuthenticationTypePolicyException: MSIS3305: None of the AuthenticationContext class references specified in the SAMLP request is supported by the…

Mikkel
0 votes, 0 answers
ADFS Claims Provider not receiving username/email
I have an on-prem ADFS setup as below with SAML2,
SP <=> ADFS <=> IDP
When the SP initiates an authentication, the client can redirect to the IDP (configured as a Claims Provider) and authenticate himself.
However, I need to pass any form of client…

Sency
0 votes, 0 answers
Auth Mellon on Apache is giving 404 for login endpoint
I'm trying to set up SAML auth on a subfolder of an Apache 2.4 vhost using auth_mellon, following the instructions here: https://richard-purves.com/2019/05/07/apache-saml-sso-the-hard-way/
In the vhost I have the following auth_mellon…

Jonah
0 votes, 0 answers
ADFS and ColdFusion setup regarding certificate
I am so confused about this certification involvement between CF and ADFS talk. When we click on "Generate SP" on ColdFusion administrator, it does create a .p12 file but on the ADFS side, it only accepts a .cer file. So not sure how should I…
user282823
0 votes, 1 answer
Issues configuring SAML authentication in Apache Guacamole behind a HAProxy
I've deployed an Apache Guacamole server and am trying to configure SSO using SAML with a Cloud IdaaS. HAProxy is in front of the Guacamole server, providing SSL offloading. Apache Guacamole was configured following the tutorial on the Guacamole…

user1913559
0 votes, 2 answers
Only federate some users in AzureAD and not a whole domain
We want to test a new IDP in our organization (this IDP is an in-house SAML-compatible IdP). We are using AzureAD.
If we federate a new domain, we can test the authentication, and it works (xxx@NewDomain.Com).
Now, we want to select some real…

yeska
0 votes, 0 answers
Login to SSL VPN via SSO and then use SSO inside VPN for other Service Providers possible?
I have a setup where you authorize via SAML SSO (Keycloak as IdP) to access an SSL VPN (FortiGate as SP). Now inside the VPN there are authorization reverse proxy servers.
Is it possible to have the same SSO automatically authorize users to the proxy…

cu 29p
0 votes, 2 answers
ADFS as proxy to some IDP
As far as I know, Exchange does support WS-Federation, but it does not support SAML. At the same time I have IDP that does support SAML, but does not support WS-Federation.
Is it possible to configure ADFS as proxy? For example:
Exchange OWA/ECP ->…

Oleksii
0 votes, 1 answer
SAML 2.0 NameIDPolicy that was not satisfied by the issued token
I am working on a SAML integration with some monitoring software, but I keep receiving the MSIS7070 error below. I have tried numerous transform combinations with no luck. I am certain this is something relatively easy to fix, but my AD FS knowledge…

Chris Lombardi
0 votes, 1 answer
Migrating from Azure AD SSO authentication to ADFS
We have a customer with the following setup.
On-prem Active Directory with Azure AD Connect and Password Hash Sync (PHS) including SSO activation
SSO for all M365 apps
Integration of about 15 different external Cloud Apps, which trust…

VJSpeter
0 votes, 2 answers
How do I convert a multi-value SAML attribute to a single-value string in ADFS?
I previously asked a similar question about doing this in Azure AD. However, I've come to the conclusion that it is probably too limited to do this and I received no answers.
However, in ADFS there is a lot more flexibility.
I want to convert an…

Appleoddity
0 votes, 1 answer
Auth Mellon is not redirecting to IDP. Apache is returning 404 for /mellon
I am trying to enable auth mellon for an on-prem WebLogic app.
I have apache httpd and auth mellon installed on RHEL 6.8. I followed instructions as per https://github.com/Uninett/mod_auth_mellon/wiki/GenericSetup
My IDP is Okta.
Mellon.conf looks like…

user2961454