SAML setup issues

Question:

I got SAML set up using our onsite ADFS server. When trying to log into the on-prem help desk via SAML I get the error "Error processing SAML Response". In the web server logs I see:

System.NullReferenceException: Object reference not set to an instance of an object.
at Saml.Response.GetNameID()
at HelpDesk.Controllers.SamlController.Consume()


This is the AttributeStatement that the site gets after the user attempts to log in:

<AttributeStatement>
<Attribute Name="NameID">
<AttributeValue>cabbs</AttributeValue>
</Attribute>
<Attribute Name="User.email">
<AttributeValue>cabbs@xxxx.us</AttributeValue>
</Attribute>
<Attribute Name="FirstName">
<AttributeValue>Chad</AttributeValue>
</Attribute>
<Attribute Name="LastName">
<AttributeValue>Abbs</AttributeValue>
</Attribute>
</AttributeStatement>

Not sure what I may be missing to get this working.



Answer:


Sometimes with ADFS responses the NameID element is simply missing from the Subject XML element in the Response you send to our server. The most probable cause for that is that NameID is not properly set up as an "Outgoing Claim Type" in a "Claims Rule".

Try these steps:

  1. Select Edit Claims Rule.
  2. Select Add Rule.
  3. On the Select Rule Template page, select Transform an Incoming Claim for the Claim rule template and then select Next.
  4. On the Configure Rule page, in the Claim rule name field, type Transform Email to Name ID.
  5. Incoming claim type should be SamAccountName (it must match the Outgoing Claim Type created initially in the Transform Username to NameID rule).
  6. The Outgoing claim type is Name ID.
  7. The Outgoing name ID format is Email.
  8. Confirm Pass through all claim values is selected and select Finish.
  9. Select OK to save the rule and OK again to complete the attribute mappings.
Creation date: 11/3/2017 10:09 AM      Updated: 11/6/2017 6:57 AM
Errors and solutions for Jitbit Helpdesk ticketing system
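
A check for the condition described in the answer above, as an added example that is not part of the original post or the Jitbit code: it inspects a base64-decoded SAML Response and reports whether NameID is in the Subject or was only sent as an attribute named "NameID". The function name, status strings and sample responses are constructed for illustration, and the samples assume the standard SAML 2.0 namespaces.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def diagnose_nameid(response_xml):
    """Return (status, value, format) for a decoded SAML Response.

    Troubleshooting aid only: it does not verify the signature, so never
    use its result to make an authentication decision.
    """
    root = ET.fromstring(response_xml)
    for assertion in root.iterfind(".//saml:Assertion", NS):
        # The service provider reads the identifier from Subject/NameID.
        name_id = assertion.find("saml:Subject/saml:NameID", NS)
        if name_id is not None and (name_id.text or "").strip():
            return ("ok", name_id.text.strip(), name_id.get("Format"))
        # An attribute that merely happens to be named "NameID" does not count.
        for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
            if attr.get("Name", "").lower() == "nameid":
                value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
                return ("attribute-only", value.strip(), None)
    return ("missing", None, None)

# Constructed sample responses (not captured from a real ADFS server).
def _response(subject_inner, attributes=""):
    return (
        '<samlp:Response xmlns:samlp="{samlp}" xmlns:saml="{saml}">'
        "<saml:Assertion><saml:Subject>{subj}</saml:Subject>{attrs}"
        "</saml:Assertion></samlp:Response>"
    ).format(subj=subject_inner, attrs=attributes, **NS)

_ATTRS = (
    "<saml:AttributeStatement>"
    '<saml:Attribute Name="NameID"><saml:AttributeValue>cabbs</saml:AttributeValue>'
    "</saml:Attribute></saml:AttributeStatement>"
)
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
BROKEN = _response("<saml:SubjectConfirmation/>", _ATTRS)
FIXED = _response(
    '<saml:NameID Format="%s">cabbs@example.test</saml:NameID>' % EMAIL_FORMAT, _ATTRS
)

if __name__ == "__main__":
    print("before claim rule:", diagnose_nameid(BROKEN))
    print("after claim rule: ", diagnose_nameid(FIXED))
```

A result of "attribute-only" matches the AttributeStatement in the question: the value arrives as an ordinary attribute, so the Subject has no NameID for the service provider to read.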