plugin SAML2 with ADFS 3.0


by patrick Guilloton -
Number of replies: 7

Hi,


Context:

We have an Active Directory domain, and we synchronize user accounts into Moodle.

We want to use SSO with the ADFS service.


We installed a SAML2 plugin and configured it with ADFS,

but we have a problem with attribute matching.

When we connect, we get this message:

You have logged in succesfully but we could not find your 'Name ID' attribute to associate you to an account in Moodle.


Configuration

ADFS

Claims rules



On the SAML2 plugin



Do you have a solution for me?


Thanks,

Patrick

In reply to patrick Guilloton

Re: plugin SAML2 with ADFS 3.0

by John James -

Hi Patrick,

I had this error also, and it turns out I had to use the full schema path for the mapping field I wanted to use. (In my case I mapped upn to Username.)

Referring to this post: https://moodle.org/mod/forum/discuss.php?d=331626#p1389418

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn



I'm just having trouble mapping additional profile fields now.
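
The point about the full schema path can be checked against a decoded assertion. The following is an added example, not part of the original post and not the plugin's own code: it lists the attribute names an assertion actually carries and classifies a configured mapping field against them. The sample assertion is constructed, and the function names and the exact-match lookup are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample (not captured from a real IdP): the attribute statement
# of an assertion issued when claim rules send UPN and e-mail address.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}upn">
      <saml:AttributeValue>jdoe@example.org</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}emailaddress">
      <saml:AttributeValue>john.doe@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def issued_attributes(assertion_xml):
    """Return {Name: [values]} with names exactly as the IdP sent them."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def check_mapping(assertion_xml, mapping_field):
    """Classify a configured mapping field against the issued attribute names.

    Assumption: the service provider looks the field up by exact string match.
    This is a diagnostic only; it does not validate the assertion's signature.
    """
    attrs = issued_attributes(assertion_xml)
    if mapping_field in attrs:
        return ("match", mapping_field, attrs[mapping_field])
    # A short name such as "upn" equals only the last segment of a claim URI.
    for name, values in attrs.items():
        if name.rsplit("/", 1)[-1].lower() == mapping_field.lower():
            return ("use-full-name", name, values)
    return ("not-issued", None, [])

if __name__ == "__main__":
    for field in ("upn", CLAIMS + "upn", "department"):
        print(field, "->", check_mapping(SAMPLE_ASSERTION, field))
```

A "not-issued" result means the claim rule for that attribute is missing on the ADFS side, which no mapping value in Moodle can fix.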

In reply to John James

Re: plugin SAML2 with ADFS 3.0

by Ron Vitug -
Can you provide a screenshot or the steps for how you configured SAML 2 with ADFS 3.0? And how to get the IdP metadata?
In reply to Ron Vitug

Re: plugin SAML2 with ADFS 3.0

by John James -

Hi Ron,

I hope this helps!

In the SAML2 settings page...

The metadata should be supplied by your ADFS admin, either as the XML to paste or as the public XML URL to use. You will need to work closely with whoever controls your ADFS instance to get this solution working, as they will need to know which claims you want configured so they can create mapping rules for them.




Your ADFS administrator needs to have configured claims for all the fields you wish to map.

(Example policy: send 4 LDAP attributes as claims)


Mapping outgoing claims...


Example of one transform rule from the above policy:




In reply to John James

Re: plugin SAML2 with ADFS 3.0

by Ron Vitug -

Thanks John. I'm just wondering why it's not directing to SAML2. It looks like there are 3 login options.

SAML


After I click Login via SAML2, it links to our ADFS, but I get an Exception - Responder error.

Exception




In reply to Ron Vitug

Re: plugin SAML2 with ADFS 3.0

by Ron Vitug -

Up... Any idea? I'm still getting Exception Responder.

In reply to Ron Vitug

Re: plugin SAML2 with ADFS 3.0

by John James -

The exception responder message is not detailed enough. You could try turning on detailed debug logs in Moodle, or having the ADFS administrator review their logs as well. It could be misconfigured claims, a certificate problem, etc.

If you want to skip the default login page and have SAML2 as the default option, that is controlled under Authentication settings in Moodle Administration.

Sorry I couldn't be of more help.


In reply to John James

Re: plugin SAML2 with ADFS 3.0

by Rob P -

Hi John,

I've been trying to set up our Moodle with SAML2 in a similar way, but I am having trouble with the mapping of fields too. I can't seem to get it to accept the schema path, though, as the plugin is telling me "This value is not valid".

Did you run into anything like that when you were entering the schema path?

Cheers,

Rob