I'm migrating from a UAT environment to a Production environment. The users are able to log in just fine using SSO in UAT. I've imported the new IDP file from the SSO provider into the Prod environment and generate a new sp_metadata.xml file that is sent back to them. When we try and test the Prod SSO we are getting the error "Unable to validate Response, because of error: The selected principal key fmFederationID in the configuration, isn't available in the response" The SSO assertion contains <saml:Attribute Name="fmFederationId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" > <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string" >I100063322</saml:AttributeValue> </saml:Attribute> Can someone point me where I might look?
asked
Richard Herndon
1 answers
2
I would advise to install SAML tracer in Firefox or some comparable program for Chrome. What the error is telling you is that you selected the attribute fmFederationID as the field to look up users but that in the return message from the SAML server this attribute is missing. So inspect the XML you send and you receive back from the identity provider. My hunch is that you probably made a mistake in the setting of SAML.