Hi,
Just wondering if anyone has been able to figure out how to properly send the SAML responses to an on-prem-hosted IdP.
The documentation is pretty vague, to be honest, but states that the "nameID" must be transformed into:
"Configure your SAML identity provider to:
This is fixed with claim-transformation rules, and a SAML debug/trace shows that the on-prem IdP is sending this correctly.
Second, it's also stated that you should send Email, Username, FirstName, LastName, and DisplayName from your IdP.
This is also confirmed with SAML-trace logs.
However, it doesn't matter: DUO SSO will *always* respond with:
Error: Invalid SAML Response received from identity provider
And as with all cloud solutions, there's no possible way to actually check what the problem is... just a ticket ID.
I could of course open a ticket and get this information, but it seems like a long way around.
I am 100% sure that my SAML-response matches all of the above and DUO-SSO still doesn't like it.
It works perfectly fine with other SAML providers, and I even set up an internal ADFS with the above requirements just to confirm that it was indeed working.
Ideas?
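An added example, not code from the original post, Duo, or any IdP vendor: a small offline checker for a captured SAML Response that reports whether the assertion carries a subject NameID and each of the five attribute names listed above (Email, Username, FirstName, LastName, DisplayName). It also flags attributes that are present but whose name differs from the documented one only in letter case, since a relying party that matches attribute names exactly would treat "email" as missing; whether Duo does so is an assumption this example does not settle. The sample response is constructed for the example (issuer URL, NameID value and format are made up), and the check is structural only: it says nothing about signature, audience, or timestamp validity, which the service provider also verifies, and it does not handle an EncryptedAssertion.

```python
"""Offline structural check of a SAML Response for the subject NameID and the
attribute names listed in the post. Added example; the sample response below is
constructed and not captured from Duo SSO or any real IdP."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Attribute names exactly as the post quotes them from the documentation.
REQUIRED_ATTRIBUTES = ("Email", "Username", "FirstName", "LastName", "DisplayName")

# Constructed sample. "email" is deliberately lower-case and DisplayName is
# absent, so the checker demonstrates both kinds of finding it reports.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>http://idp.example.test/adfs/services/trust</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>http://idp.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.test</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def decode_saml_response(post_value: str) -> str:
    """Decode the base64 'SAMLResponse' form field as seen in a browser SAML trace."""
    return base64.b64decode(post_value).decode("utf-8")


def check_saml_response(xml_text: str) -> dict:
    """Report status, NameID and attribute presence. Structural check only: it does
    not validate the signature, audience or timestamps, and an EncryptedAssertion
    is reported as 'assertion_present: False'."""
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    assertion = root.find("saml:Assertion", NS)
    result = {
        "status_success": status is not None and status.get("Value") == SUCCESS,
        "assertion_present": assertion is not None,
        "name_id": None,
        "name_id_format": None,
        "attributes": {},
        "missing": [],
        "case_mismatch": {},
    }
    if assertion is None:
        result["missing"] = list(REQUIRED_ATTRIBUTES)
        return result

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is not None:
        result["name_id"] = (name_id.text or "").strip()
        result["name_id_format"] = name_id.get("Format")

    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name") or ""
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        result["attributes"][name] = values

    # Exact-name match first; then detect names that differ only in case.
    lowered = {name.lower(): name for name in result["attributes"]}
    for required in REQUIRED_ATTRIBUTES:
        if required in result["attributes"]:
            continue
        if required.lower() in lowered:
            result["case_mismatch"][required] = lowered[required.lower()]
        else:
            result["missing"].append(required)
    return result


if __name__ == "__main__":
    for key, value in check_saml_response(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

To use it on a real trace, paste the base64 `SAMLResponse` form value into `decode_saml_response` and pass the result to `check_saml_response`; a clean report from this script rules out only the attribute and NameID presence questions raised in the post, not the signature or audience checks the service provider performs.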