Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADFS integration Error: The requested relying party trust is unspecified or unsupported #148

Open
Airtonmartins opened this issue Sep 23, 2020 · 1 comment
Open

ADFS integration Error: The requested relying party trust is unspecified or unsupported #148

Airtonmartins opened this issue Sep 23, 2020 · 1 comment

Comments

@Airtonmartins
Copy link

Hi, I'm trying to integrate our application with ADFS Authentication from a client, I followed the settings in documentation, when try login I receive an error in ADFS log:

Protocol Name: 
Saml 

Relying Party: 
https://MY_DOMAIN/saml2_auth/acs/ 

Exception details: 
Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://MY_DOMAIN/saml2_auth/acs/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlSignInContext.ValidateCore()
   at Microsoft.IdentityServer.Web.Protocols.ProtocolContext.Validate()
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.EvaluateHomeRealm(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

My settings:

SAML2_AUTH = {
    'METADATA_AUTO_CONF_URL': https://CLIENT_DOMAIN/FederationMetadata.xml,
    'CREATE_USER': 'TRUE',
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],  
        'ACTIVE_STATUS': True,  
        'STAFF_STATUS': True,  
        'SUPERUSER_STATUS': True,  
    },
    'ATTRIBUTES_MAP': {  attributes.
        'email': '...claims/email',
        'first_name': '...claims/name',
    },
    'ASSERTION_URL': MY_DOMAIN,
    'ENTITY_ID': .../saml2_auth/acs/,
    'USE_JWT': True,
    'FRONTEND_URL': MY_DOMAIN',  
    'NAME_ID_FORMAT': 'None',
}

ADFS server settings:

Relying party identifiers:
MY_DOMAIN
https://MY_DOMAIN

Endpoints:
SAML Assertion Consumer endpoints: https://MY_DOMAIN/saml2_auth/acs/
@joreize
Copy link

joreize commented Nov 9, 2020

Hello Airtonmartins,

did you find a solution for your problem?
I'm having the same issue while implementing DefectDojo and SAML.

Best Regards
Johannes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Airtonmartins @joreize