Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SAML SSO logginf with ADFS - InvalidNameIDPolicy

PawelP
Comes here often
‎Feb 28 2023 1:02 AM
‎Feb 28 2023 1:02 AM

SAML SSO logginf with ADFS - InvalidNameIDPolicy

Hi

We are trying enabling saml sso logging with our ADFS server


We follow meraki documentation and still have some issues

 

1. When using IDP ( login via our portal) it is working fine
2. When using SP approach - logging via Meraki dashboard 

We receive such error in meraki logs


Assertion validation error: The status code of the Response was not Success, was Requester => InvalidNameIDPolicy

<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>
</samlp:StatusCode>
</samlp:Status>


Maybe someone have working solution and can provide detailed configuration on ADFS site
I am sure that issue is somewhere in ADFS configuration but couldnt find where exactly

 

Regards
Pawel

 

0 Kudos
Subscribe
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 28 2023 4:07 AM
‎Feb 28 2023 4:07 AM

By default, ADFS sends the NameId format as "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified". You can adjust it. See: https://social.technet.microsoft.com/wiki/contents/articles/4038.ad-fs-2-0-how-to-request-a-specific...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
PawelP
Comes here often
‎Mar 1 2023 1:31 AM
‎Mar 1 2023 1:31 AM

HI

Thanks for replay

Our admin already found this but so far no luck with setup it correctly

Still searching

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 28 2023 12:05 PM
‎Feb 28 2023 12:05 PM

For the love of the networking gods - do you have to use ADFS?  Could you use SAML against AzureAD, Duo, or any other SAML provider?  🙂

 

ADFS is a dying product, and the less you configure to use it, the less you'll have to migrate later.

Subscribe
In response to PhilipDAth
PawelP
Comes here often
‎Mar 1 2023 1:34 AM
‎Mar 1 2023 1:34 AM

HI

We have tens of portals configured using ADFS and no problem so far

Anyway if Meraki still support it so I think it will not die soon, no oficial announcment found on Microsoft about it

So far it is our standard currently. Question to our admin what they plan for future

 

Regards

0 Kudos
Subscribe
Fady
Meraki Employee
Meraki Employee
‎Jun 26 2023 9:48 PM
‎Jun 26 2023 9:48 PM

You need to create a transform rule with the below parameters.

 

Fady_0-1687841257334.png

 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.