PradipB

AWS SSO with Sustainsys/Saml2

While configuring an AWS SSO SAML 2.0 application, by default it does not include a NameIdFormat, and if we go with this default metadata for our Service Provider, Sustainsys/Saml2 gives an error like the one below. Which configuration can we use to make it work without any defined NameIdFormat?

Metadata provided by the Identity Provider

Please note the empty <md:NameIDFormat /> element in the metadata:

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://portal.sso.us-east-2.amazonaws.com/saml/assertion/REMOVED_FOR_BREVITY">
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
               <ds:X509Certificate>REMOVED_FOR_BREVITY</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-2.amazonaws.com/saml/logout/REMOVED_FOR_BREVITY" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-2.amazonaws.com/saml/logout/REMOVED_FOR_BREVITY" />
      <md:NameIDFormat />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-2.amazonaws.com/saml/assertion/REMOVED_FOR_BREVITY" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-2.amazonaws.com/saml/assertion/REMOVED_FOR_BREVITY" />
   </md:IDPSSODescriptor>
</md:EntityDescriptor>

Error returned by Sustainsys/Saml2:

Sustainsys.Saml2.Metadata.MetadataSerializationException: NameIDFormat element with no uri
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadNameIDFormat(XmlReader reader)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadSsoDescriptorElement(XmlReader reader, SsoDescriptor descriptor)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.<>c__DisplayClass119_0.<ReadIdpSsoDescriptor>b__0()
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadChildren(XmlReader reader, Func`1 childAction)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadIdpSsoDescriptor(XmlReader reader)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.<>c__DisplayClass118_0.<ReadEntityDescriptor>b__0()
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadChildren(XmlReader reader, Func`1 childAction)
   at Sustainsys.Saml2.Metadata.MetadataSerializer.ReadEntityDescriptor(XmlReader reader, SecurityTokenResolver tokenResolver)
   at Sustainsys.Saml2.Metadata.MetadataLoader.Load(XmlDictionaryReader reader)
   at Sustainsys.Saml2.Metadata.MetadataLoader.Load(String metadataLocation, IEnumerable`1 signingKeys, Boolean validateCertificate, String minIncomingSigningAlgorithm)
   at Sustainsys.Saml2.Metadata.MetadataLoader.LoadIdp(String metadataLocation, Boolean unpackEntitiesDescriptor)
   at Sustainsys.Saml2.IdentityProvider.DoLoadMetadata()
   at Sustainsys.Saml2.IdentityProvider.set_LoadMetadata(Boolean value)......
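One way past this parser error, as an added example that is not from the question or from the Sustainsys project: strip the empty NameIDFormat elements from a downloaded copy of the AWS SSO metadata and point the identity provider's MetadataLocation at the cleaned file, so the signing certificate and endpoints are still taken from the IdP's own document. It assumes the ASP.NET Core package (Sustainsys.Saml2.AspNetCore2), a local download named aws-sso-metadata.xml, and the entity ID from the question; it refuses signed metadata because editing it would invalidate the signature.

```csharp
// Added example, not code from the question or the Sustainsys project. Paths,
// the options variable and the entity ID (copied from the question) are placeholders.
using System;
using System.IO;
using System.Linq;
using System.Xml.Linq;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Metadata;

static class AwsSsoMetadata
{
    static readonly XNamespace Md = "urn:oasis:names:tc:SAML:2.0:metadata";
    static readonly XNamespace Ds = "http://www.w3.org/2000/09/xmldsig#";

    // Copies the IdP metadata to targetPath with every empty <md:NameIDFormat/>
    // removed and returns how many were removed. Signed metadata is refused:
    // editing it breaks the signature that binds the IdP certificate to the entityID.
    public static int Sanitize(string sourcePath, string targetPath)
    {
        var doc = XDocument.Load(sourcePath);
        if (doc.Descendants(Ds + "Signature").Any())
            throw new InvalidOperationException(
                "Metadata is signed; configure the IdP endpoints and key manually instead.");

        var empties = doc.Descendants(Md + "NameIDFormat")
                         .Where(e => string.IsNullOrWhiteSpace(e.Value))
                         .ToList();
        empties.ForEach(e => e.Remove());
        doc.Save(targetPath);
        return empties.Count;
    }

    // Registers the IdP from the cleaned copy. `options` is the Saml2Options
    // instance passed to AddSaml2(...) in Startup (assumption).
    public static void AddAwsSsoIdp(Saml2Options options)
    {
        const string entityId = "https://portal.sso.us-east-2.amazonaws.com/saml/assertion/REMOVED_FOR_BREVITY";
        var cleaned = Path.Combine(AppContext.BaseDirectory, "aws-sso-metadata.clean.xml");
        Sanitize("aws-sso-metadata.xml", cleaned); // downloaded AWS SSO metadata (assumption)

        options.IdentityProviders.Add(new IdentityProvider(new EntityId(entityId), options.SPOptions)
        {
            MetadataLocation = cleaned,
            LoadMetadata = true,
            AllowUnsolicitedAuthnResponse = true // needed if users start from the AWS access portal
        });
    }
}
```

Re-run the sanitizer whenever the downloaded metadata is refreshed, since a rotated IdP signing certificate only reaches Sustainsys through the cleaned copy.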

Answers (0)