ADFS connection error

To be completed by the original poster:

CMS Version

3.3.1.

Installation Method

Custom install

Operating System

Ubuntu 22.04 LTS

Issue

Hello,

I set up the ADFS connection by following this guide: SAML Single Sign on with Active Directory - ADFS | Xibo Digital Signage
Unfortunately, it does not work.
I arrive at the ADFS authentication page, but once connected I get this error message

I tried to work with SAML trace and I get this error message:

HTTP/1.1 403 Forbidden
Date: Fri, 23 Dec 2022 11:46:46 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 2332
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

I also give you my configuration file:

$authentication = new \Xibo\Middleware\SAMLAuthentication();

$samlSettings = array (
    'workflow' => array(
        // Enable/Disable Just-In-Time provisioning
        'jit' => true,
        // Attribute to identify the user
        'field_to_identify' => 'UserName', // Alternatives: UserID, UserName or email
        // Default libraryQuota assigned to the created user by JIT
        'libraryQuota' => 1000,
        // Initial User Group
        'group' => 'Users',
        // Home Page
        'homePage' => 'icondashboard.view',
        // Enable/Disable Single Logout
        'slo' => false,
        // Attribute mapping between XIBO-CMS and the IdP
        'mapping' => array (
            'UserID' => '',
            'usertypeid' => '',
            'UserName' => 'uid',
            'email' => 'mail',
        )
    ),
    // Settings for the PHP-SAML toolkit.

    'strict' => false,
    'debug' => true,
    'idp' => array (
        'entityId' => 'idp.fqdn/saml/acs',
        'singleSignOnService' => array (
            'url' => 'idp.fqdn/adfs/ls',
        ),
        'singleLogoutService' => array (
            'url' => 'idp.fqdn/simplesaml/saml2/idp/SingleLogoutService.>
        ),
        'x509cert' => 'TYiu’5fdfdht^èwIBAgIQORZ5sjFwj4pDL9+/YNffjsufcbbkiG9w0BAQsFADA0MTIwMAYDVQ>
    ),
    'sp' => array (
        'entityId' => 'xibo-cms.fqdn/saml/metadata',
        'assertionConsumerService' => array (
            'url' => 'xibo-cms.fqdn/saml/acs',
        ),
        'singleLogoutService' => array (
            'url' => 'xibo-cms.fqdn/saml/sls',
        ),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
        'x509cert' => '',
        'privateKey' => '',
    ),
    'security' => array (
        'nameIdEncrypted' => false,
        'authnRequestsSigned' => false,
        'logoutRequestSigned' => false,
        'logoutResponseSigned' => false,
        'signMetadata' => false,
        'wantMessagesSigned' => false,
        'wantAssertionsSigned' => false,
        'wantAssertionsEncrypted' => false,
        'wantNameIdEncrypted' => false,
        'requestedAuthnContext' => false,
    )
);

Thanks for your help

In the end, I redid the whole setup from the beginning.
I get another error:

The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
