Jump to content

ADFS and Hornbill Part 2


Markm
 Share

Recommended Posts

Hi folks,

After getting sidetracked with an infuriating SSL cert issue on ADFS I'm back to this issue of single sign on and the ADFS/Hornbill relationship.

I've started a new thread for this issue as i'd like to direct some new asks for help if i may.

I've configured my ADFS with SAML and WS-Federation as per attached.

image.png.7e6ffc0e66d5ec01b40bb6ff21cbfbfd.png

image.png.92218d29cb58e69e9fc85b1e8f60b832.png

But getting this error in logs

The request specified an Assertion Consumer Service URL 'https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml' that is not  configured on the relying party 'https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml'. 
Assertion Consumer Service URL: https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml
Relying party: https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml

This request failed. 

User Action 
Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified URL for this relying party.

I suspect I haven't employed the correct URL in my WS-Fed and SAML entries.

Link to comment
Share on other sites

@Markm

When ever we try to do stuff with ADFS here at Hornbill we invariably have to go and hire in some expertise, it certainly is a frustrating experience, I can understand where you are coming from.   I am not sure if this document gives you any clues? Have you seen it?

https://wiki.hornbill.com/index.php/SSO_Example_Config_Microsoft_ADFS_2.0_for_User_Accounts

[edit] If you follow that document it shows you how to download the SAML meta data from our service, by clicking on the "Customer" button, if you look in that file (its an XML file) it contains all the supported URL endpoints. 

Gerry

Link to comment
Share on other sites

Gents, thanks for your responses.

 

The working method for myself (but not for Chrome oddly) is to do the following in AFDS:-

Open new record for Replying Party Trust (below)

Selecting option 1,  enter the addresses as shown and then save the defaults.

I've the downloaded (User/Device/Live etc) from the SSO page but they didn't work properly for me.

Anyway,  this may be useful for somebody else.

image.png.b5bb90e07a8001c4057f0ee861e84e69.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...