By: Urii Titov user 04 May 2018 at 2:30 a.m. CDT

1 Response
I installed Gluu Server and made a trust relationship with VMware vCloud Director. When I redirect from the IDP (Gluu) to the SP (vCD), I get the error "SAML authentication failed for this organization." [https://imgur.com/0wPEBEU](https://imgur.com/0wPEBEU)

I changed only saml-nameid.xml:

```
<!-- SAML 2 NameID Generation -->
<util:list id="shibboleth.SAML2NameIDGenerators">

    <ref bean="shibboleth.SAML2TransientGenerator" ></ref>

    <!-- Uncommenting this bean requires configuration in saml-nameid.properties. -->
    <ref bean="shibboleth.SAML2PersistentGenerator" ></ref>

    <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
          p:format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"
          p:attributeSourceIds="#{ {'mail'} }" ></bean>

</util:list>
```

I need to transfer 4 attributes to vCD. The system will extract these attributes from the SAML token (if available) and use them for interpreting the corresponding pieces of information about the user attempting to log in:

- email address = "EmailAddress"
- user name = "UserName"
- full name = "FullName"
- user's groups = "Groups"
- user's roles = "Roles" (this attribute is configurable)

Which configuration file is responsible for this? And could you give an example of how to fill it in, please?

In idp-process.log there is only one ERROR:

```
2018-05-04 10:59:20,392 - ERROR [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:404] - Profile Action AddNameIDToSubjects: Error while generating NameID
org.opensaml.saml.common.SAMLException: Invalid NameIdentifierGenerationService configuration
	at net.shibboleth.idp.saml.nameid.impl.ProxySAML2NameIDGenerator.generate(ProxySAML2NameIDGenerator.java:62)
```

My NameID cfg: [https://imgur.com/2MWqMPq](https://imgur.com/2MWqMPq)
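Added example, not part of the original ticket and not Gluu or VMware code: a small check that reads a decoded SAML assertion and reports whether the Subject carries a NameID in the emailAddress format and which of the five attribute names listed in the post are present. The sample assertion is constructed, `check_assertion` is a hypothetical helper name, and matching on the `Name` attribute of `saml:Attribute` is an assumption about how the SP looks the attributes up.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"
# Attribute names listed in the post as the ones vCloud Director looks for.
EXPECTED_ATTRS = ("EmailAddress", "UserName", "FullName", "Groups", "Roles")

# Constructed sample assertion (unsigned, trimmed); not captured from a real IdP.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress">user@example.org</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="EmailAddress"><saml:AttributeValue>user@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="UserName"><saml:AttributeValue>user</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Groups">
      <saml:AttributeValue>ops</saml:AttributeValue>
      <saml:AttributeValue>admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text):
    """Report NameID and expected-attribute findings for one decoded assertion."""
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or one nested inside a Response.
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no unencrypted saml:Assertion element found")
    # A failed NameID generation on the IdP side shows up here as a missing NameID.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "name_id": None if name_id is None else (name_id.text or "").strip(),
        "name_id_format": None if name_id is None else name_id.get("Format"),
        "name_id_is_email_format": name_id is not None and name_id.get("Format") == EMAIL_FORMAT,
        "present": {n: values[n] for n in EXPECTED_ATTRS if n in values},
        "missing": [n for n in EXPECTED_ATTRS if n not in values],
    }

if __name__ == "__main__":
    for key, value in check_assertion(SAMPLE_ASSERTION).items():
        print(f"{key}: {value}")
```
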

By Mohib Zico Account Admin 04 May 2018 at 10:56 a.m. CDT

Closing this; [duplicate](https://support.gluu.org/single-sign-on/5388/i-want-use-gluu-saml-idp-for-vmware-vcloud-director/) ticket.