IDP issue with ADFS SP

[Fabrice Cunuder]

Hi everyone, 

We use SimpleSAMLphp version 2.3.3.

We migrate from older version 1.x

We use it as an IDP and the SP is an ADFS, since the migration we have this errors (SAML Tracer).

<samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" /> <samlp:StatusMessage>SimpleSAML\Error\Exception: AttributeNameID: Missing required option 'identifyingAttribute'.</samlp:StatusMessage> </samlp:Status>

if someone can help me on this.

Thanks in advance.

[Levis]

In SP config check if identifyingAttribute has correct value or not.

[Fabrice]

Hi Levis,

Ok I found out , it's still not working, but at least no errors on the SSP,  the attributes are sent.

Thank you very much.

Fabrice.

[Fabrice]

Hi levis,

Thank you, 

Do you mean on the ADFS server side ?

Thank you

Fabrice.

Le jeudi 10 juillet 2025 à 01:27:59 UTC+2, Levis a écrit :

[Tim van Dijen]

Hey Fabrice! Have you figured things out yet?

Levis was spot-on.. Some things have been renamed in 2.x:
https://github.com/simplesamlphp/simplesamlphp/commit/1df8a6b101e067091c8708a2af737d3be1d1bc51

If you still have an issue, can you tell us a bit more?

- Tim

Op donderdag 10 juli 2025 om 20:56:58 UTC+2 schreef Fabrice:

[Fabrice]

Hello, 

Yes I found finally, the second issue was an issue from the provider, that he fix it.

The first issue, was fixed by adding : 

'authproc' => [
    99 => array(
            'class' => 'saml:AttributeNameID',
            'identifyingAttribute' => 'uid',
            'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        ),
    ],

Directly in the metadata of the SP.

Thank you Again,

Fabrice

Thank you