Problems with setting up SAML2

Hi,I'm trying to setup Projeqtor to authenticate using SAML2 through our organisation ADFS server.

LDAP is currently setup as follows with the following attributes: 


I can confirm that Projeqtor is talking to the ADFS server as shown below. SAML-Tracer results outlines NameID is being sent post ADFS authentication.


However, Projeqtor application does nor receive the "Name ID" attributes, and only received email and name attributes as shown below: 


Projeqtor SAML2 is currently configured as below: 


Looking at the Projeqtor log, it shows that Name ID is undefined (or not received): 
 

Can anyone let me know what is the problem here?

Below is the xml generated by Projeqtor:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2033-01-30T15:20:48Z" cacheDuration="PT604800S" entityID="http://......../sso/projeqtor/metadata.php">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://........../sso/projeqtor/index.php?sls"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://.........../sso/projeqtor/index.php?acs" index="1"/>
</md:SPSSODescriptor>
<md:ContactPerson contactType="technical">
<md:GivenName>ProjeQtOr</md:GivenName>
<md:EmailAddress>Projeqtor@........</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>

The only issues I can see here is that the NameIDFormat is SAML 1.1 (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Hence Projeqtor is expecting a different format that what the server is sending which is SAML 2.0 (urn:oasis:names:tc:SAML:2.0) as shown in the 2nd picture above.

Can anyone clarify this?

Thanks in advance.

Hi all,

Had played around the Projeqtor SSO authentication today, and found out that Projeqtor did received the "Name ID" but it was not stored in the authentication attributes array. Instead it has it's own variable storage.

In the file projeqtor/sso/projeqtor/index.php, attributes is stored as below:

$_SESSION = $auth->getAttributes();

While Name ID is stored below: 

$_SESSION = $auth->getNameId();

However, when creating new user in tool/projeqtor.php, the code is looking for Name ID in attributes array. Hence the error.     

if (isset($authAttr[SSO::getAttributeName('uid')]) and isset($authAttr[SSO::getAttributeName('uid')][0]))
{       
   $login = $authAttr[SSO::getAttributeName('uid')][0];     
}
else
{       
   traceLog("Cannot retreive field ".SSO::getAttributeName('uid')." in samlUserData");        \
   traceLog($authAttr);       
   $login=null;     
}

And also in the file projeqtor/model/SSO.php, it is also looking for Name ID from the attributes.   
 
$loginAttr=SSO::getAttributeName('uid');     
$mailAttr=SSO::getAttributeName('mail');     
$fullNameAttr=SSO::getAttributeName('commonName');     
$user->name=$authAttr[$loginAttr][0];

Can any of the developer comment about this? I think I need to modify the codes so the it will not get the Name ID from attributes. 

Is there any work around to this other than modifying the codes? Fyi, I'm using V10.1.

Thank you.