Hi
I’m trying to get SAML working but am having a few issues. I’ve been advised by our federation services team that the nameid-format should be set to unspecified.
The error I’m getting is:
SAML SSO failed: invalid_response. Last Reason: The status code of the Response was not Success, was Requester -> Cannot provide requested name identifier with format urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified for the given subject
With name format.
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
I’m unsure where to go or what to check next for troubleshooting as I’m new to SAML.
I’ve now been able to move beyond this issue but am now getting x509 certificate errors:
SAML SSO failed: invalid_response. Last Reason: openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! Exception Type: OneLogin_Saml2_Error
The IdP is not showing any errors and I can’t find anything on the web related to this error.
Have you copied the signing certificate into the correct place in the settings-custom.php or settings.php file? It should be all on one line, and should not have the --- BEGIN CERTIFICATE --- etc lines.
I’m not a SAML expert, but the error suggests that one of the certificates or keys isn’t in the format it’s expecting it to be. I’d go back and export the certificates again, ensuring they’re in X.509 format.
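The checks suggested in the reply above, as an added example (not code from this thread or from the SAML toolkit): a stdlib-only Python pre-check that reduces a pasted certificate value to one-line base64 and reports why it would fail to parse. The helper name `check_cert_value` and the sample blob are constructed for illustration, and the DER test is structural only, not a full X.509 parse.

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_cert_value(value):
    """Hypothetical helper: return (one_line_base64, findings) for a pasted cert."""
    findings = []
    text = value.strip()
    m = PEM_RE.search(text)
    if m:
        findings.append("has BEGIN/END lines")
        if m.group(1) != "CERTIFICATE":  # e.g. a private key or CSR was exported
            findings.append("wrong PEM type: " + m.group(1))
        text = m.group(2)
    if re.search(r"\s", text.strip()):
        findings.append("not on one line")
    body = re.sub(r"\s+", "", text)
    if not body:
        findings.append("empty value")
        return "", findings
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):  # ValueError covers non-ASCII such as curly quotes
        findings.append("not valid base64 (stray quotes, dashes or truncation?)")
        return body, findings
    # A DER certificate is one ASN.1 SEQUENCE (tag 0x30) spanning the whole blob.
    if len(der) < 2 or der[0] != 0x30:
        findings.append("decoded data is not a DER SEQUENCE")
        return body, findings
    long_form = der[1] & 0x80
    n = der[1] & 0x7F if long_form else 0
    length = int.from_bytes(der[2:2 + n], "big") if long_form else der[1]
    if 2 + n + length != len(der):
        findings.append("DER length mismatch (truncated or extra bytes)")
    return body, findings

# Constructed sample: a DER-shaped blob, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n" + "\n".join(
    SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64)
) + "\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for label, val in [("pem", SAMPLE_PEM), ("one-line", SAMPLE_B64)]:
        print(label, check_cert_value(val)[1])
```

An empty findings list means the value is already one-line base64 with a plausible DER shape; the returned string is the normalised form to compare against what is in the settings file.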