[OpenAM] OpenAM setup for zendesk SAML2.0

Mohammad Faisal faisal at cempaka.edu.my
Thu Apr 12 19:30:07 BST 2012


Hi There,

Here is the XML file:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="zendesk.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
     <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
         <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
         <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://xxxx.zendesk.com/access/saml"/>
     </SPSSODescriptor>
</EntityDescriptor>

I already checked that the IdP and SP configurations match their SAML
insertion. Now I am getting an error on the Zendesk page:

"zendesk saml Unable to identify user from name id
"6saahsa8d7as8das8sdasa" in response". It seems that the SAML is already
going through. Any ideas?


Thanks



On Apr 12, 2012, at 4:42 PM, Peter Major wrote:

> Can you share the SAMLRequest sent by Zendesk? I believe the SAMLRequest
> tries to request to use transient NameID, but your IdP configuration
> does not have transient NameID configured. This will result in the
> mentioned error message.
> So just to clarify: the IdP MUST support the nameid format requested by
> the SP.
>
> Also in your setting oisis doesn't sound right, that should be more like
> oasis?
>
> Regards,
> Peter
>
> On 2012-04-12 at 10:01, Mohammad Faisal wrote:
>> Hi,
>>
>> The value is urn:oisis:names:tcSAML:1.1:nameid:format:emailAddress
>>
>> On the assertion processing tab, in the attribute mapper, I put
>> Name ID=mail as a mapping.
>>
>>
>> Thanks for the reply
>>
>>
>> On Apr 12, 2012, at 3:17 PM, Peter Major wrote:
>>
>>> Hi,
>>>
>>> in your IdP configuration what values do you have in the
>>> NameID-Format settings?
>>>
>>> Regards,
>>> Peter
>>>
>>> On 2012-04-12 at 08:01, Mohammad Faisal wrote:
>>>>> Hi There,
>>>>>
>>>>> I would appreciate it if someone out there has experience setting
>>>>> up Zendesk SAML login with OpenAM.
>>>>> OpenAM comes out with this error message.
>>>>>
>>>>>
>>>>> HTTP Status 400 - Error processing AuthnRequest. Service provider
>>>>> does not support name identifier format
>>>>> urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
>>>>>
>>>>> type Status report
>>>>>
>>>>> message Error processing AuthnRequest. Service provider does not
>>>>> support name identifier format
>>>>> urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
>>>>>
>>>>> description The request sent by the client was syntactically
>>>>> incorrect (Error processing AuthnRequest. Service provider does not
>>>>> support name identifier format
>>>>> urn:oasis:names:tc:SAML:2.0:nameid-format:transient.).
>>>>>
>>>>> I would be most grateful if someone could give some light.
>>>>>
>>>>> Thanks for any help
> _______________________________________________
> OpenAM mailing list
> OpenAM at forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openam
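
The NameID format comparison discussed in this thread can be checked offline before either side is reconfigured. The script below is an added example, not part of the original messages and not OpenAM or Zendesk code; the function names are hypothetical, the metadata is a constructed sample shaped like the file above, and the IdP value is the one quoted in the thread.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NAMEID = "urn:oasis:names:tc:SAML:%s:nameid-format:%s"
# NameID format URIs defined by SAML 2.0 Core, section 8.3.
KNOWN_FORMATS = {NAMEID % pair for pair in [
    ("1.1", "unspecified"), ("1.1", "emailAddress"),
    ("1.1", "X509SubjectName"), ("1.1", "WindowsDomainQualifiedName"),
    ("2.0", "kerberos"), ("2.0", "entity"),
    ("2.0", "persistent"), ("2.0", "transient")]}

# Constructed sample, modelled on the SP metadata posted in the thread.
SP_METADATA = """
<EntityDescriptor entityID="zendesk.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://xxxx.zendesk.com/access/saml"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

def sp_nameid_formats(metadata_xml):
    """Return the raw (untrimmed) NameIDFormat values declared by the SP."""
    root = ET.fromstring(metadata_xml)
    return [el.text or "" for el in root.iter("{%s}NameIDFormat" % MD_NS)]

def check_nameid_formats(sp_formats, idp_formats):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    for side, values in (("SP", sp_formats), ("IdP", idp_formats)):
        for raw in values:
            if raw != raw.strip():  # e.g. a value wrapped across lines
                findings.append(f"{side}: stray whitespace in {raw!r}")
            # Custom URIs are legal in SAML, so this is a warning about typos.
            if raw.strip() not in KNOWN_FORMATS:
                findings.append(f"{side}: not a SAML-defined format: {raw.strip()}")
    idp_ok = {v.strip() for v in idp_formats} & KNOWN_FORMATS
    for fmt in (raw.strip() for raw in sp_formats):
        if fmt in KNOWN_FORMATS and fmt not in idp_ok:
            findings.append(f"mismatch: SP wants {fmt}, IdP does not offer it")
    return findings

if __name__ == "__main__":
    # IdP value exactly as quoted in the thread.
    idp = ["urn:oisis:names:tcSAML:1.1:nameid:format:emailAddress"]
    for line in check_nameid_formats(sp_nameid_formats(SP_METADATA), idp):
        print(line)
```
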



