Forums, Documentation & Knowledge Base - ComponentSpace

NameIDPolicy and ADFS


https://www.componentspace.com/forums/Topic1726.aspx

By dmarlow - 10/8/2015

I'm not very familiar with ADFS, but it seems whenever I attempt to integrate with an ADFS IdP, they always run into some sort of NameIDPolicy issue. My AuthnRequest contains a NameIDPolicy and I always get back an InvalidNameIDPolicy error. I tried setting the format value to all things defined in their metadata, but no luck. I guess they need to do something on their end to enable, or allow it. Is there something on my end I can adjust or are there some magic ADFS words I can tell them so they know what they need to do on their end?

Thanks!

By ComponentSpace - 10/31/2015

We use the default value of "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" as the NameIDPolicy and haven't been able to get this to fail with ADFS.
The ADFS configuration we use is documented in our Developer Guide.
It would be interesting to compare ADFS configurations. There must be some setting on the ADFS side that is causing the issue for some users but not for others.
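
A diagnostic for the situation discussed in this thread, as an added example that is not from either poster or from ComponentSpace: it reads the NameIDPolicy out of an AuthnRequest, checks its Format against the NameIDFormat values in the IdP metadata, and walks the nested status codes of the response. All three XML messages, the entity ID and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "md": "urn:oasis:names:tc:SAML:2.0:metadata"}
INVALID_POLICY = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"

# Constructed sample messages (not captured from any real deployment).
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_req1" Version="2.0">
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" AllowCreate="true"/>
</samlp:AuthnRequest>"""
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/adfs">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_resp1" InResponseTo="_req1" Version="2.0">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>"""

def requested_policy(authn_request_xml):
    """Attributes of the NameIDPolicy element, or {} when the request omits it."""
    policy = ET.fromstring(authn_request_xml).find("samlp:NameIDPolicy", NS)
    return dict(policy.attrib) if policy is not None else {}

def advertised_formats(metadata_xml):
    """NameIDFormat values listed under the IdP's IDPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    found = root.findall("md:IDPSSODescriptor/md:NameIDFormat", NS)
    return [e.text.strip() for e in found if e.text]

def status_codes(response_xml):
    """Status codes in document order: top-level first, then nested sub-codes."""
    status = ET.fromstring(response_xml).find("samlp:Status", NS)
    if status is None:
        return []
    return [c.get("Value") for c in status.iter("{%s}StatusCode" % NS["samlp"])]

def diagnose(authn_request_xml, metadata_xml, response_xml):
    fmt = requested_policy(authn_request_xml).get("Format")
    chain = status_codes(response_xml)
    return {"requested_format": fmt,
            "advertised": fmt in advertised_formats(metadata_xml),
            "invalid_name_id_policy": INVALID_POLICY in chain,
            "status_chain": chain}
```

A requested format that does appear in the metadata only rules out one cause; as the thread notes, what remains is a difference in the IdP-side configuration.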