March 2, 2022 at 9:29 pm #28794niadsystemsParticipant
I am using ForgeRock Access Management as the Identity Provider with an ASP.NET Webforms application as the Service Provider. I am doing an SP initiated SSO. SP is setup as a Remoted Identity Provider, and IDP is setup as a hosted Identity Provider. I have set up identities using the embedded OpenDJ identity store.
The following error is generated in the Federation log after the SP initiates the SSO, and when the IDP is trying to connect to the AssertionConsumerService.
Any inputs would be appreciated.
DEBUG: DoManageNameID.removeIDPFedSession trying to remove entity=http://NiadServiceProvider, nameID=MQn1laR0S3KpqCVnB2AiZvklmWy7 from IDP session cache
o.f.o.s.UtilProxySAMLAuthenticatorLookup: 2022-03-02 17:16:03,024: Thread[http-nio-8080-exec-8]: TransactionId[cee84c25-fa5b-408c-aea6-883ff540f925-548093]
ERROR: UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: Unable to do sso or federation.
com.sun.identity.saml2.common.SAML2Exception: Unable to generate NameID value.March 3, 2022 at 12:59 pm #28795Andrew PotterParticipant
What NameID format is being requested by the SP?
Do you have a mapping for that value in the ‘NameID Format List’ in the IDP config?
See NameID Format List here:
You must be logged in to reply to this topic.