I am trying to get a crewjam/saml SP to work with ADFS. Metadata import /export works

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Running into the same problem, looks like a copy-and-paste error, <code class="notrans

I noticed <a class="issue-link js-issue-link" data-error-text="Failed to load title" d

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

fixed in [<a class="commit-link" data-hovercard-type="commit" data-hovercard-url="http

NameIDPolicy may have invalid format? about saml HOT 7 CLOSED

crewjam commented on July 27, 2024

NameIDPolicy may have invalid format?

from saml.

Comments (7)

danielamiao commented on July 27, 2024 1

@crewjam Ah, I should have kept that PR opened, I closed it because we ended up using a fork. However, my original point is still valid, as per section 8.3.1 and 8.3.2 of the specifications:

urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified should be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress should be urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

from saml.

danielamiao commented on July 27, 2024

Running into the same problem, looks like a copy-and-paste error, unspecified and emailAddress are both defined in SAML 1.1 instead of 2.0 according to http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

from saml.

meetmauro commented on July 27, 2024

I am getting this error too even though my request has a NameIDPolicy properly formatted.
My request is:

<samlp:AuthnRequest
   xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
   xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
   ID="id-034bf268652648235617a4249a1d891d4698b4af" 
   Version="2.0" IssueInstant="2017-11-22T15:58:08.243Z" 
   Destination="https://adfs.service.com/adfs/ls/" ForceAuthn="false" 
   AssertionConsumerServiceURL="https://alba.group/saml/acs" 
   ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
   <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://alba.group/saml/metadata</saml:Issuer>
   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
   <samlp:RequestedAuthnContext Comparison="exact">
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
   </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

where I also added the RequestedAuthnContext thinking it was the source of the error (the XML does not validate against the SAML XSD without it) to no avail.
the response I get from ADFS is this one:

<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" />

but why am I getting that error?
I also changed the code that @danielamiao suggested above but this not changing the response.

from saml.

crewjam commented on July 27, 2024

I noticed #111 was closed. My read is that the name ID formats are correct. c.f. section 8.3.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

from saml.

mrajashree commented on July 27, 2024

@meetmauro I have the exact same problem as you, were you able to resolve it?

from saml.

ricardofandrade commented on July 27, 2024

@crewjam Is it possible to get a fix for this?

from saml.

crewjam commented on July 27, 2024

fixed in [6e8a81a]

from saml.

NameIDPolicy may have invalid format? about saml HOT 7 CLOSED

Comments (7)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent