SAML Authentication Issue
1,050 views
Skip to first unread message
nicko...@gmail.com
Feb 1, 2013, 1:38:08 PM2/1/13
to canvas-l...@googlegroups.com
I am trying to roll out a single sign on service for a customer that uses canvas and have been using simplesamlphp to do this. I think I have everything working correctly but when I try to login through my service canvas gives me this error Canvas doesn't have an account for user: RANDOM ALPHANUMERIC SEQUENCE
I know that the user is in Canvas and my authentication is working correctly through simplesaml what I'm most confused about though is what I actually need to be sending back to canvas for the authentication.
What my auth source is returning
return array('name' => array($user->user_name));
What my metadata looks like
$metadata['https://mytestsite.com/saml/saml2/idp/metadata.php'] = array(
'AssertionConsumerService' => 'https://client.test.instructure.com/saml_consume','ForceAuthn' => TRUE,'SingleLogoutService' => 'https://client.test.instructure.com/saml_logout','NameIDFormat' => 'urn:oasis:names:tc:SAML2.0:nameid-format:email','simplesaml.nameidattribute' => 'Username','simplesaml.attributes' => false
);
My Canvas Authentication Settings
| Login Attribute | NameID |
| Identifier Format | urn:oasis:names:tc:SAML:2.0:nameid-format:entity |
| Login Label | Username |
Can anyone help me make sense of what I'm doing wrong, I would really appreciate it.
da...@zerbash.com
Jul 31, 2013, 10:00:00 AM7/31/13
to canvas-l...@googlegroups.com, nicko...@gmail.com
Did you ever find the solution to this?
Nick Snyder
Jul 31, 2013, 10:33:58 AM7/31/13
to da...@zerbash.com, canvas-l...@googlegroups.com
Yes, I got it working but I don’t remember exactly what I did to fix the issue. It was probably something to do with the certificate
Paul Hinze
Jul 31, 2013, 6:25:59 PM7/31/13
to canvas-l...@googlegroups.com, da...@zerbash.com
> Canvas doesn't have an account for user: RANDOM ALPHANUMERIC SEQUENCE
This usually means that the Identity Provider sent along the "transient" login attribute rather than the actual user name or email. It usually points to some sort of configuration mismatch, but it can be a bunch of different things, so normally it's best to review the specific configs in question.
David, let me know if you're still having trouble with this and I'm happy to try and help.
Paul Hinze
Instructure Engineer
--
---
You received this message because you are subscribed to the Google Groups "Canvas LMS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to canvas-lms-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Sujit Sagar
Aug 27, 2015, 6:41:44 AM8/27/15
to Canvas LMS Users, nicko...@gmail.com, da...@zerbash.com
Hi, did you find solution to this?
jason davis
Mar 16, 2016, 2:22:28 PM3/16/16
to Canvas LMS Users
We ended up having luck with setting Login Attribute in canvas to eduPersonPrincipalName and on the simplesaml side remapping our username field to eduPersonPrincipalName
Message has been deleted
Babu NV
Mar 2, 2017, 1:50:07 AM3/2/17
to Canvas LMS Users, nicko...@gmail.com
When I use SAML, the destination url is giving 'Page not found error'. Please help.
URL giving the error:
http://mysite.acme.instructure.com/saml_consume
Thanks
URL giving the error:
http://mysite.acme.instructure.com/saml_consume
Thanks
Cody Cutrer
Mar 2, 2017, 10:52:22 AM3/2/17
to canvas-l...@googlegroups.com, nicko...@gmail.com
Make sure you're using the URL in the SAML metadata (at /saml2). It should be pointing you at /login/saml, not /saml_consume
Cody Cutrer
Software Engineer
Instructure
--
---
You received this message because you are subscribed to the Google Groups "Canvas LMS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to canvas-lms-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages