SAML (Security Assertion Markup Language) is an open standard and XML-based markup language for exchanging authentication and authorization information between parties, known as service providers and identity providers.
Questions tagged [saml]
99 questions
2
votes
0 answers
ADFS - Correct way to massively provision relying party trusts for many similar SAML service provider
Let's say I have 200+ sites in the form of:
https://site1.example.com, https://site2.example.com
I have to deploy an identical SAML configuration for all of these sites. Ideally I would just have a single relying party trust set up in ADFS that…
Dylan
2
votes
2 answers
Configuring Shibboleth SAML 2.0 with ADFS 3.0 with Federation Errors
I'm trying to configure ADFS 3.0 and SAML 2.0. Currently, I get this error whenever I restart shibd and httpd.
2016-11-07 12:49:08 ERROR XMLTooling.ParserPool : error on line 1, column 2702, message: grammar not found for namespace…
Franz Noel
2
votes
0 answers
How to create an SPN for an ADFS server with an alias
I have a colleague who has set up an ADFS server in a test environment and has given the ADFS server an alias.
host name test-server.tdom.com
alias test-adfs.tdom.com
The server is running under a specific AD user account.
The relying party…
GaryF
2
votes
1 answer
ADFS error during SAML Service Provider Login
I have a Spring SAML Project that has been under development for about a month. I've integrated with ADFS and everything has been working well. I'm getting an intermittent error that is becoming problematic because I have to wait for it to…
blur0224
2
votes
1 answer
Shibboleth - Secure whole IIS application
I've set up shibboleth SP on my server and now I want to protect my IIS folders. I followed a few tutorials and used this syntax in my shibboleth2.xml file:
posixpascal
2
votes
0 answers
Subversion Server with Azure AD SSO
There is a running CollabNet Subversion Edge Server in the current version 5.2.4.
It is currently connected with LDAP for authentication.
Now there is a challenge to grant permission to b2b guests of our Azure AD to use this SVN.
Is there any way to…
Wyphorn
2
votes
2 answers
How can I resolve "SAML Providers must reference at least one SAML assertion issuer" message?
I want to set up an SSO solution using Keycloak 10.0.2 as the Identity Provider. The first application I want to set up is AWS.
I followed this tutorial to enable Keycloak to sign me in using SAML. I noticed that this tutorial is guiding me to…
user540468
1
vote
1 answer
Set an attribute as MellonUser on mod_mellon
I'm failing to set up MellonUser on my Apache configuration. The NAME_ID my IdP provides is really a session ID that changes every time, and it's the only data available in the Subject of the response.
The data I need (the real username) is contained…
lithiium
1
vote
1 answer
Should the AD FS Federation metadata for a Relying Party Trust be publicly accessible?
If I am a relying party, I can expose federation metadata to ease configuration for AD FS so I can import it into the Create a Relying Party Trust wizard. I can also choose to enable automatic updates so AD FS checks this file regularly. This file…
Melvin
1
vote
2 answers
Signature verification for InCommon SAML metadata using xmlsec1 fails
InCommon Federation provides IdP and SP metadata. Their refresh policy recommends frequent checking of the metadata aggregate to use the most recent version. They strongly recommend InCommon SPs refresh and verify metadata at least daily.
Following…
pbuck
1
vote
1 answer
customise saml attributes Azure AD
I have configured SAML SSO against a new app in my Azure Console. I have proven it authenticates using simplesamlPHP. I am trying to add/adjust the attributes that are passed back with the SAML token.
Test App in Azure Active Directory…
Lindsay Macvean
1
vote
1 answer
Specify MFA based on user-agent in AD FS?
Is it possible to force a specific MFA provider based on a user-agent (ideal) or IP address (less ideal) in AD FS? Alternatively, is there another free SAML IdP that would allow this? Read below for why, in case there is another option that I am…
Todd
1
vote
1 answer
SHIBBOLETH SP - Shibboleth handler invoked at an unconfigured location - Shibboleth.sso/Session/
I am trying to get shibboleth configured. When I go to https://mysite/secure/index.php, it works properly, I can authenticate, etc. but when I go to https://mysite/Shibboleth.sso/Status (or any other https://mysite/Shibboleth.sso/*) I get the…
Kevin Finkenbinder
1
vote
1 answer
Does Shibboleth IdP 3 automatically echo relay state by default?
Maybe this is a dumb question, but I can't find anything about this in the documentation or elsewhere. According to the SAML spec, I know that the IdP is supposed to echo back the relay state received from the SP's authn request. Since that…
SpasemanSpiph
1
vote
0 answers
SAML Azure mappings
I'm trying to set up SocialCast to use SSO against Azure AD. I have everything working except I'm unable to map the fields for first name, last name, and email address. I know authentication is working because the logs on Azure confirm it, but I…
Carl