saml questions - Page 1

Falcon Momot

Asked: 2021-05-03 17:29:36 +0800 CST

AADSTS50107: Requested federation realm object does not exist, when integrating Okta as an IdP for AAD

4

I'm trying to set up AAD with Okta, and find that when users visit the App Embed link and it posts their SAML response to https://login.microsoftonline.com/login.srf, they get an unhelpful error:

AADSTS50107: Requested federation realm object 'http://okta.com/..............' does not exist

I already set up an external identity provider. How do I get it to recognize my domain?

Wyphorn

Asked: 2021-04-23 00:44:50 +0800 CST

Subversion Server with Azure AD SSO

2

There is a running CollabNet Subversion Edge Server in the current version 5.2.4. It is currently connected with LDAP for authentication.

Now there is a challenge to grant permission to b2b guests of our azure ad to use this SVN. Is there any way to connect SubVersion Edge to Azure AD for authentication? Or is there any buyable solution to get this run? Or is there another SVN server which is able to authenticate with Azure AD (OpenId/SAML)?

I have searched a lot of time, but it seems not usual to connect a 90s application to a 21th century technology.

user540468

Asked: 2020-06-17 05:06:15 +0800 CST

How can I resolve "SAML Providers must reference at least one SAML assertion issuer" message?

2

I want to setup a SSO solution using Keycloak 10.0.2 as the Identity Provider. The first application I want to setup is AWS.

I followed this tutorial to enable Keycloak to sign me in using SAML. I noticed, that this tutorial is guiding me to download the “SAML Metadata IDPSSODescriptor” from the client's "Installation"-Tab. However, I can only choose "SAML Metadata SPSSODescriptor".

In AWS, I entered the name of my realm as "Provider Name" and imported the SPSSODescriptor. This led to the following error: SAML Providers must reference at least one SAML assertion issuer.

Franz Noel

Asked: 2016-12-30 15:37:11 +0800 CST

Configuring Google Chrome to Connect to AD Configured with Kerberos and Using ADFS

3

I'm trying to configure Google Chrome (and Firefox) to authenticate using Active Directory tunneled through ADFS SAML/Kerberos Endpoints and an Apache application using Shibboleth. Here are some settings I have inside each machine.

Active Directory Setting: I am using an Active Directory User Account configured with Kerberos DES Encryption and also have Kerberos preauthentication in Windows Server 2012 r2.

IE Setting: The IE Security Setting for Internet and Trusted Sites has User Authentication set to "Automatic logon with current user name and password" (to automatically login Windows current user). The domains for ADFS and the Apache application are added in the allowed sites.

Windows Server 2012 r2 ADFS Setting: The Windows Server 2012 r2 is configured using ADFS with SAML and Kerberos Endpoints enabled.

Shibboleth SP Setting: The Shibboleth SP runs in Apache, and is configured to use SAML.

What's succesfully happening: The Windows user account can successfully login to any Windows 7 Operating System and above using IE9 and latest. There are no prompts once the Windows user logs in to the Apache application. The Windows user is directed immediately to the Apache Application configured with Shibboleth SP.

What's wrong? Whenever I go to Google Chrome or Firefox, it is not directing immediately to the secure application content page. Instead, it connects the Windows user to an ADFS login screen and login fails (because it seems to be using Kerberos from Active Directory setting, which ADFS does not use on login screen).

Goal: Assuming that Google Chrome takes the security setting from Internet Explorer to use, logging in to the Apache application should work without a hassle.

So, how do I configure Google Chrome properly (or any other configuration) to allow Windows user to login automatically to the Apache application?

Update

Error I get the following error from the Apache application:

openSAML::FatalProfileException at (https://c-app01.contoso.com/Shibboleth.sso/SAML2/POST)

SAML response reported an IdP error.

Error from identity provider: 

    Status: urn:oasis:names:tc:SAML:2.0:status:Responder

GaryF

Asked: 2016-10-08 04:45:31 +0800 CST

How to create an SPN for an ADFS server with an alias

2

I have a colleague who has set up an ADFS server in a test environment and that have given the ADFS server an alias.

host name test-server.tdom.com
alias test-adfs.tdom.com

The server is running under a specific AD user account.

The replying party trusts have been set up to trust the alias.

We have been able to set SPNs for the host name as follows

setspn -s HTTP/test-server.tdom.com Admin
setspn -s HTTP/test-server $

But not for the alias if he tries to register.

setspn -s HTTP/test-adf $ returns a message stating the "account test-adf $ cannot be found".

Congruently we cannot get IWA to function.

Does anyone know how the SPN can be set for the alias.

AADSTS50107: Requested federation realm object does not exist, when integrating Okta as an IdP for AAD

Subversion Server with Azure AD SSO

How can I resolve "SAML Providers must reference at least one SAML assertion issuer" message?

Configuring Google Chrome to Connect to AD Configured with Kerberos and Using ADFS

How to create an SPN for an ADFS server with an alias

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Questions[saml](server)