Markm Posted September 12, 2019 Posted September 12, 2019 Hi folks, After getting sidetracked with an infuriating SSL cert issue on ADFS I'm back to this issue of single sign on and the ADFS/Hornbill relationship. I've started a new thread for this issue as i'd like to direct some new asks for help if i may. I've configured my ADFS with SAML and WS-Federation as per attached. But getting this error in logs The request specified an Assertion Consumer Service URL 'https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml' that is not configured on the relying party 'https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml'. Assertion Consumer Service URL: https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml Relying party: https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified URL for this relying party. I suspect I haven't employed the correct URL in my WS-Fed and SAML entries.
Gerry Posted September 12, 2019 Posted September 12, 2019 @Markm When ever we try to do stuff with ADFS here at Hornbill we invariably have to go and hire in some expertise, it certainly is a frustrating experience, I can understand where you are coming from. I am not sure if this document gives you any clues? Have you seen it?https://wiki.hornbill.com/index.php/SSO_Example_Config_Microsoft_ADFS_2.0_for_User_Accounts [edit] If you follow that document it shows you how to download the SAML meta data from our service, by clicking on the "Customer" button, if you look in that file (its an XML file) it contains all the supported URL endpoints. Gerry
TrevorHarris Posted September 12, 2019 Posted September 12, 2019 Hi @Markm As suggested in the document @Gerry posted you should download the Service metadata from the Hornbill Admin tool and import that into a new Relying Party Trust on the ADFS server, this will configure it for you. Thanks Trevor Harris
Markm Posted September 12, 2019 Author Posted September 12, 2019 Gents, thanks for your responses. The working method for myself (but not for Chrome oddly) is to do the following in AFDS:- Open new record for Replying Party Trust (below) Selecting option 1, enter the addresses as shown and then save the defaults. I've the downloaded (User/Device/Live etc) from the SSO page but they didn't work properly for me. Anyway, this may be useful for somebody else.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now