borismee

Reputation: 75

ADFS integration - claim missing http://schemas.itfoxtec.com/ws/2014/02/identity/claims/saml2nameidformat

After integrating with Okta, I'm trying to integrate SSO with ADFS.

All goes smooth until logout.

I have an exception:

Caught Exception:  System.ArgumentNullException: Value cannot be null. (Parameter 'uriString')
   at System.Uri..ctor(String uriString)
   at ITfoxtec.Identity.Saml2.Saml2LogoutRequest..ctor(Saml2Configuration config, ClaimsPrincipal currentPrincipal)
   at SiqApi.Controllers.Login.LoginController.Logout() in C:.....

After digging into the code, I found that ADFS is missing the following claim (it exists in the Okta claims):

http://schemas.itfoxtec.com/ws/2014/02/identity/claims/saml2nameidformat - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified 

The source of the exception is in the Saml2LogoutRequest constructor

new Uri(Saml2LogoutRequest.ReadClaimValue(identity, "http://schemas.itfoxtec.com/ws/2014/02/identity/claims/saml2nameidformat", false))

Am I missing something in the ADFS configuration?

Please, advise.

Upvotes: 1

Views: 164

Answers (1)

Anders Revsgaard

Reputation: 4334

You need to change the configuration on the AD FS to issue the NameID with a format. A NameID with a format is required to do logout.

AD FS is unfortunately capable of issuing a NameID without a format, which causes this error.

Upvotes: 1
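As an added example that is not part of the question or the answer above: one way to make AD FS issue the NameID with a Format attribute is an issuance transform rule on the relying party trust whose `Properties["...claimproperties/format"]` entry sets the format (the claim property URI is the documented AD FS one; the relying party name "SiqApi" and the use of the UPN as the NameID source are assumptions for illustration). The script only appends the rule if no existing rule already sets a NameID format.

```powershell
# Added example (not from the question, the answer, or the ITfoxtec project):
# configure an AD FS relying party trust so that <saml:NameID> carries a Format
# attribute. Assumed values: relying party trust name "SiqApi", NameID taken from
# the user's UPN (the default AD claims provider trust passes UPN through).
Import-Module ADFS

$rpName = "SiqApi"   # assumption: name of the relying party trust for the SP
$nameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# "Transform an Incoming Claim" rule (MapClaims template). The claimproperties/format
# property on the issued nameidentifier claim is what becomes the NameID Format
# attribute in the assertion; without it AD FS emits a NameID with no format.
$nameIdRule = @"
@RuleTemplate = "MapClaims"
@RuleName = "Issue NameID with format"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "$nameIdFormat");
"@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found" }

# Keep the existing issuance rules and append the NameID rule only when no rule
# already sets a NameID format, so re-running the script does not duplicate it.
$existing = $rp.IssuanceTransformRules
if ($existing -match 'claimproperties/format') {
    Write-Host "A rule on '$rpName' already issues a NameID with a format; nothing changed."
} else {
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules ($existing + "`r`n" + $nameIdRule)
    Write-Host "Added NameID rule with format '$nameIdFormat' to '$rpName'."
}
```

After applying the rule, sign in again and inspect the assertion (for example with the browser's SAML tracer) to confirm that `<saml:NameID>` now has a `Format` attribute; the SP needs both the NameID value and its format to build the LogoutRequest, which is why the constructor above fails when the format is absent.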
