windows adfs/saml2 auth help

by Colin G -
Number of replies: 2
Hi. I am new to windows adfs/saml2 auth and I am trying to set up auth to our domain controller. I have set up the plugin, but when I try to login via SAML2 ( https://moodle.org/plugins/auth_saml2 ) I get this error:

You have logged in succesfully but we could not find your 'uid' attribute to associate you to an account in Moodle.

When I run moodle/auth/saml2/test.php all I see is:


..

Can anyone give me help here or know what I am missing?
In reply to Colin G

Re: windows adfs/saml2 auth help

by Leon Stringer -

It looks like you've successfully authenticated with AD FS but Moodle isn't getting any attributes returned. From memory you have to configure "claims" for different attributes in AD FS for the "relying party", i.e. your Moodle site. The attributes you'd normally want to transfer are the username (userPrincipalName or UPN), first name (givenName), last name (surname) and email address (email). Have you configured these attributes in the claim in AD FS? Can you add a screenshot of the attributes in the claim rule so we can check?

There are some notes in the auth_saml2 plugin docs which may help. This problem looks a bit like issue 1 except that no attributes are returned. Any further debugging output you can include by following these docs will help troubleshoot the issue.
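As an added illustration of the point above (example code written for this edit, not from the thread or from the auth_saml2 plugin): a small Python check that parses the AttributeStatement of a SAML response and reports which of the listed claims came back, and whether the attribute Moodle maps to the username (the auth_saml2 setting idpattr, 'uid' by default) is present at all. The claim-type URIs are the standard AD FS ones; the two sample responses are constructed, with signatures and conditions omitted.

```python
# Added example (not code from the thread or from the auth_saml2 plugin):
# parse the AttributeStatement of a SAML 2.0 response and check whether the
# claims named in the reply, and the attribute Moodle maps to its username
# (auth_saml2 calls this idpattr, "uid" by default), were actually returned.
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Standard AD FS claim type URIs for the attributes the reply lists.
CLAIMS = {
    "upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "givenname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "surname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "emailaddress": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}


def saml_attributes(response_xml):
    """Return {attribute Name: [values]} for every Attribute in the response."""
    root = ET.fromstring(response_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def check_claims(response_xml, idpattr):
    """List the expected claims that are missing and whether idpattr is present."""
    attrs = saml_attributes(response_xml)
    missing = [name for name, uri in CLAIMS.items() if uri not in attrs]
    return {"attributes": attrs, "missing": missing, "idpattr_found": idpattr in attrs}


# Constructed responses: a bare assertion (the symptom in the thread) and one
# carrying three of the four claims. Signatures and Conditions are omitted.
HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        '<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>')
TAIL = "</saml:Assertion></samlp:Response>"
NO_ATTRS = HEAD + TAIL
WITH_ATTRS = HEAD + "<saml:AttributeStatement>" + "".join(
    f'<saml:Attribute Name="{CLAIMS[k]}"><saml:AttributeValue>{v}'
    "</saml:AttributeValue></saml:Attribute>"
    for k, v in [("upn", "user@example.test"), ("givenname", "Ada"), ("surname", "Lovelace")]
) + "</saml:AttributeStatement>" + TAIL

if __name__ == "__main__":
    print(check_claims(NO_ATTRS, "uid"))            # nothing returned: every claim missing
    print(check_claims(WITH_ATTRS, CLAIMS["upn"]))  # idpattr found, only emailaddress missing
```

When run against a real response (for example one captured with the plugin's debugging docs), an empty "attributes" dict points at the relying-party claim rules in AD FS rather than at the Moodle side.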

In reply to Leon Stringer

Re: windows adfs/saml2 auth help

by Colin G -
Thanks for the reply. I found out what the problem was. When I visited the IdP URL


It was showing "Error 503".

In the end I re-installed ADFS on windows using a different certificate. Once that was done, the IdP URL started working and I managed to get everything else working, including claims mapping to moodle profile fields.