Gitlab integration with SAML ADFS

[Sebastien]

Hello,

I am working for several days on Gitlab integration with ADFS.
I have read this [documentation](http://doc.gitlab.com/ce/integration/saml.html) and here is my Gitlab settings :

external_url 'https://git-pr01.domain.be'
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
{
   name: 'saml',
   args: {
      assertion_consumer_service_url: 'https://git-pr01.domain.be/users/auth/saml/callback',
      idp_cert_fingerprint: '76:63:cd:51:2c:87:fd:d6:84:8d:cb:90:d5:ec:cd:6d:bf:3c:eb:2a',
      idp_sso_target_url: 'https://fs.domain.be/adfs/ls',
      issuer: 'https://git-pr01.domain.be',
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
   },
   label: 'SSO login' # optional label for SAML login button, defaults to "Saml"
}
]

I used this metadata XML file to set up the Relying Party Trust : https://git-pr01.domain.be/users/auth/saml/metadata
But I don't know what Claim rules add in ADFS.
Does anyone have already linked Gitlab with ADFS for SSO authentication ?

Here is the error :

The SAML authentication request had a NameID Policy that could not be satisfied.
Requestor: https://gitlab.domain.test
Name identifier format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
SPNameQualifier:  
Exception details:
MSIS7070: The SAML request contained a NameIDPolicy that was not satisfied by the issued token. Requested NameIDPolicy: AllowCreate: True Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress SPNameQualifier: . Actual NameID properties: Format: , NameQualifier:  SPNameQualifier: , SPProvidedId: .

This request failed.

User Action
Use the AD FS Management snap-in to configure the configuration that emits the required name identifier.

Could you help me please ?

Thanks a lot in advance