ADFS 2.0 groups Responder/requrstDenied

[Stephan D.]

Hi,

I setup AD FS 2.0 with simplesamlphp with suscess. Now I want to configure that only user of one group can get access to an application. I setup some claim rules for the groups and this works  fine ff the user who is trying to reach the application is member of the group, but if not I get an unhandles acception by simplesaml (I would expect something like a page which is telling the user, that he has no permissions for this app.

The exception is the following:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /var/www/app1.com/simplesaml/module.php:180 (N/A)
Caused by: sspmod_saml_Error: Responder/RequestDenied
Backtrace:
3 /var/simplesamlphp/sp/modules/saml/lib/Message.php:371 (sspmod_saml_Message::getResponseError)
2 /var/simplesamlphp/sp/modules/saml/lib/Message.php:498 (sspmod_saml_Message::processResponse)
1 /var/simplesamlphp/sp/modules/saml/www/sp/saml2-acs.php:75 (require)
0 /var/www/app1.com/simplesaml/module.php:135 (N/A)

Has somebody an Idea, what should I do?

Thanks in advance and best regards,

Stephan

[Andrés Montañez]

Hi Stephan,

how did you configured the Group Claims?

Is it in the AD config or in the SimpleSaml config?

Thanks!

[Peter Schober]

* Andr�s Monta�ez <and...@acilia.es> [2013-10-23 09:29]:

> how did you configured the Group Claims?
> Is it in the AD config or in the SimpleSaml config?

SimpleSAMLphp knows nothing about "Group Claims".

> > Backtrace:
> > 0 /var/www/app1.com/simplesaml/module.php:180 (N/A)
> > Caused by: sspmod_saml_Error: Responder/RequestDenied

^^^^^^^^^

I would take that to mean the error message to comes from the IdP.
-peter