ADFS and simplesamlphp - missing "Subject" attribute

Jim Coalwell
Hi guys,

On our side we have a SAML 2.0 SP implementation using simplesamlphp, which works for dozens of customers, including 5 ADFS customers.

But now we have one of the new integrations where things do not work. And it seems AD FS is not sending us the required attributes. The customer claims that they also have dozens of integrations and all of them work.

Their ADFS version is 3.0

Differences that we see between other responses (from successful integrations with ADFS) and their response:
 
1.      There is no <status> xml node
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_36da30d0-467d-4eec-8dbd-f9da25545c61" IssueInstant="2017-08-09T12:42:00.977Z" Version="2.0">
2.      No Assertion node: <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_36da30d0-467d-4eec-8dbd-f9da25545c61" IssueInstant="2017-08-09T12:42:00.977Z" Version="2.0">
3.      No “<Subject>” node. The response ends with the “<Signature>” XML node. And in other successful implementations there is a “<Subject>” node which includes all the attributes (like uid, email, etc.).

What could that be? They say all claims are set up from their side.
Kevin Cross, Chief Technology Officer
Most Valuable Expert 2011

Commented:
Maybe they didn't configure SAML 2.0 correctly with their ADFS.  You could send them your standard setup from other customers OR reference something online like http://wiki.servicenow.com/index.php?title=Configuring_ADFS_3.0_to_Communicate_with_SAML_2.0#gsc.tab=0
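
Added example, not part of the original thread and not simplesamlphp code: a Python check that takes a base64-decoded SAML Response and reports whether the three elements listed in the question (Status, Assertion, Subject) are present, and also looks for AttributeStatement and EncryptedAssertion. Both sample messages, their IDs and hostnames are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the shape of a response from a working integration.
GOOD = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0">
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
<Subject><NameID>user@example.test</NameID></Subject>
<AttributeStatement><Attribute Name="uid"/><Attribute Name="email"/></AttributeStatement>
</Assertion></samlp:Response>"""

# Constructed sample: the shape described in the question (ends with Signature).
BROKEN = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r2" Version="2.0">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.test</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</samlp:Response>"""

def inspect_response(xml_text):
    """Diagnostic only: lists what a decoded SAML Response contains.
    It does not verify the signature and must not be used to accept logins."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML messages")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    assertion = root.find("saml:Assertion", NS)
    attrs = [] if assertion is None else assertion.findall(
        "saml:AttributeStatement/saml:Attribute", NS)
    return {
        "children": [child.tag.split("}")[-1] for child in root],  # document order
        "status": None if code is None else code.get("Value"),
        "assertion": assertion is not None,
        "encrypted_assertion": root.find("saml:EncryptedAssertion", NS) is not None,
        "subject": assertion is not None and assertion.find("saml:Subject", NS) is not None,
        "attributes": [a.get("Name") for a in attrs],
    }

def missing_parts(report):
    """Names of the elements from the question's list that are absent."""
    checks = (("Status", report["status"] is not None),
              ("Assertion", report["assertion"]), ("Subject", report["subject"]))
    return [name for name, present in checks if not present]

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("broken", BROKEN)):
        report = inspect_response(doc)
        print(label, report["children"], "missing:", missing_parts(report))
```

If `encrypted_assertion` is true while `assertion` is false, the assertion was sent encrypted and has to be decrypted before Subject and the attributes become visible.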
