Hi, I'm trying to set up Projeqtor to authenticate using SAML2 through our organisation's ADFS server.
LDAP is currently set up as follows, with the following attributes:
I can confirm that Projeqtor is talking to the ADFS server, as shown below. The SAML-tracer results show that a NameID is being sent after ADFS authentication.
However, the Projeqtor application does not receive the "Name ID" attribute, and only receives the email and name attributes, as shown below:
Projeqtor SAML2 is currently configured as below:
Looking at the Projeqtor log, it shows that Name ID is undefined (or not received):
Can anyone let me know what is the problem here?
Below is the xml generated by Projeqtor:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2033-01-30T15:20:48Z" cacheDuration="PT604800S" entityID="http://......../sso/projeqtor/metadata.php">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://........../sso/projeqtor/index.php?sls"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://.........../sso/projeqtor/index.php?acs" index="1"/>
</md:SPSSODescriptor>
<md:ContactPerson contactType="technical">
<md:GivenName>ProjeQtOr</md:GivenName>
<md:EmailAddress>Projeqtor@........</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
The only issue I can see here is that the NameIDFormat is SAML 1.1 (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Hence Projeqtor is expecting a different format than what the server is sending, which is SAML 2.0 (urn:oasis:names:tc:SAML:2.0), as shown in the 2nd picture above.
Can anyone clarify this?
Thanks in advance.
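Added example (not part of the original post, and not Projeqtor's or ADFS's own code): a small Python script, standard library only, that does the two checks this kind of troubleshooting comes down to. It lints an SP metadata document shaped like the one above (the host is a made-up placeholder, since the post's URLs are elided) and pulls the Subject NameID, its Format and the attribute statement out of a captured SAML Response, so you can see at a glance whether the IdP actually sent a NameID and whether its Format is one the SP advertises. The lint also flags the settings a reviewer would want to know about in the posted metadata: AuthnRequestsSigned="false", WantAssertionsSigned="false" and plain-http endpoints. The sample Response is constructed; the "unspecified" format is treated here as "no constraint", which is this example's choice, not something the spec or Projeqtor guarantees.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# In SAML 2.0 Core (8.3.1) the "unspecified" NameID format keeps its SAML 1.1 URN.
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed SP metadata with the same shape/flags as the one in the post; the host is a placeholder.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://sp.example.invalid/sso/projeqtor/metadata.php">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://sp.example.invalid/sso/projeqtor/index.php?sls"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.invalid/sso/projeqtor/index.php?acs" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed SAML Response: NameID in the Subject plus the two attributes the post mentions.
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jdoe</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.invalid</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="name"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed failure case: the IdP sent attributes but no Subject NameID at all.
SAML_RESPONSE_NO_NAMEID = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0">
  <saml:Assertion ID="_a2" Version="2.0">
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.invalid</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def lint_sp_metadata(xml_text):
    """Summarise the SP's advertised NameID formats, signing flags and endpoints, with warnings."""
    sp = ET.fromstring(xml_text).find("md:SPSSODescriptor", NS)
    endpoints = sp.findall("md:AssertionConsumerService", NS) + sp.findall("md:SingleLogoutService", NS)
    info = {
        "nameid_formats": [e.text.strip() for e in sp.findall("md:NameIDFormat", NS)],
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "endpoints": [e.get("Location") for e in endpoints],
        "warnings": [],
    }
    if not info["want_assertions_signed"]:
        info["warnings"].append("WantAssertionsSigned=false: SP does not require the IdP to sign assertions")
    if not info["authn_requests_signed"]:
        info["warnings"].append("AuthnRequestsSigned=false: IdP cannot verify who issued the AuthnRequest")
    for loc in info["endpoints"]:
        if loc.lower().startswith("http://"):
            info["warnings"].append(f"plain-HTTP endpoint, assertion would be POSTed in clear: {loc}")
    return info


def extract_subject(response_xml):
    """Return the NameID value/Format and the attribute statement from a captured Response."""
    root = ET.fromstring(response_xml)
    nameid = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = {}
    for a in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return {
        "nameid": nameid.text.strip() if nameid is not None and nameid.text else None,
        "nameid_format": nameid.get("Format") if nameid is not None else None,
        "attributes": attrs,
    }


def nameid_format_matches(sp_formats, response_format):
    """Example policy: 'unspecified' (or no list) in SP metadata accepts any format; otherwise exact match."""
    if response_format is None:
        return False
    if not sp_formats or UNSPECIFIED in sp_formats:
        return True
    return response_format in sp_formats


if __name__ == "__main__":
    lint = lint_sp_metadata(SP_METADATA)
    subj = extract_subject(SAML_RESPONSE)
    print("SP NameID formats:", lint["nameid_formats"])
    print("Response NameID:", subj["nameid"], subj["nameid_format"])
    print("format accepted:", nameid_format_matches(lint["nameid_formats"], subj["nameid_format"]))
    for w in lint["warnings"]:
        print("WARN", w)
```

This is an inspection aid for SAML-tracer captures, not a validator: xml.etree performs no signature verification, so never feed it untrusted input in place of the SP's real response handling, and a production SP should set WantAssertionsSigned="true" and serve its ACS over HTTPS before anything else is debugged.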