By: Hao Bin Kwan Account Admin 14 Feb 2017 at 1:40 a.m. CST

2 Responses
Hao Bin Kwan gravatar
Hi Support, I'm rather new to IDP and have a test environment with Gluu CE 2.4.4 on Centos7.2. Currently my SP is connecting to Asimba and ADFS is added to Asimba IDP's successfully. On ADFS' end I have also added Asimba metadata so they are trusted both ways. When I browse to protected page, a selector page is shown and after I selected "ADFS IDP", I was redirected to ADFS login page (screenshot adfs-login.JPG). However after I entered my username and password on ADFS login, I'm shown a page with following error: (screenshot sp error.JPG) **Error from identity provider: Status: urn:oasis:names:tc:SAML:2.0:status:Responder Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed** For reference, I've also attached configuration screenshot of ADFS IDP on Asimba, wrapper.log from tomcat and the ADFS attributes mapping. Please let me know if you need more config or log. Hopefully you can guide us on how we can integrate Gluu with ADFS. Thank you in advance!

By Mohib Zico staff 14 Feb 2017 at 5:36 a.m. CST

Mohib Zico gravatar
Hi Hao, Problem is in NameID. You need to create nameID from ADFS side and release that to your Gluu-Asimba server. ``` INFO | jvm 1 | 2017/02/14 15:05:22 | (ASIMBAWA) [2017-02-14 15:05:22] [DEBUG] AuthenticationRequestProtocol No NameID Format specified by requestor, using: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ..... ..... INFO | jvm 1 | 2017/02/14 15:06:32 | (ASIMBAWA) [2017-02-14 15:06:32] [WARN] AbstractAuthNMethodSAML2Profile No NameID in Subject when trying to establish User from Assertion INFO | jvm 1 | 2017/02/14 15:06:32 | (ASIMBAWA) [2017-02-14 15:06:32] [ERROR] WebBrowserSSOProfile Response user conditions not met (no user found) ```

By Hao Bin Kwan Account Admin 17 Feb 2017 at 4:56 a.m. CST

Hao Bin Kwan gravatar
Hi Zico, Thanks for the great help and point out the important part (NameID). Following this guide(https://techontip.wordpress.com/2016/05/26/adfs-nameid-claim-with-additional-properties/) to release NameID from ADFS, we're able to integrate it with Gluu successfully. Cheers :)