ĐARK々MÁTTER 12mo ago

Getting `urn:oasis:names:tc:SAML:2.0:status:Responder` from ADFS when using SAML

One of our customers is using AD FS on their Microsoft Server 2016 and we are connecting the Zitadel SP to their IdP using SAML 2.0. In the callback response we are getting:
```
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />
</samlp:Status>
```
More about this error code: https://stackoverflow.com/questions/62680613/adfs-dont-pass-claims-from-ws-fed-response-from-claim-provider-to-outgoing-saml
ĐARK々MÁTTER (OP) 12mo ago
Event ID: 378 on the Windows server:
```
SAML request is not signed with expected signature algorithm. SAML request is signed with signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 . Expected signature algorithm is http://www.w3.org/2000/09/xmldsig#rsa-sha1

User Action:
Verify that signature algorithm for the partner is configured as expected.
```
@Zitadel Staff Please help me.
FFO 12mo ago
Maybe @stebenz can lend a hand here
ĐARK々MÁTTER (OP) 12mo ago
So in our ADFS the signing algorithm by default was SHA-256. I have asked our IT team to use SHA1 and it works.
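
Added example (not part of the thread, and not Zitadel or AD FS code): a Python check that reads the signature algorithm a SAML AuthnRequest declares, from either the HTTP-Redirect or the HTTP-POST binding, and compares it with the algorithm the IdP trust expects, which is the condition Event ID 378 reports. The request, issuer, host names and function names are constructed for illustration.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def inspect_request(redirect_url=None, post_b64=None):
    """Return (issuer, signature algorithm URI) declared by a SAML AuthnRequest."""
    if redirect_url is not None:
        # HTTP-Redirect binding: XML is raw-DEFLATE + base64, algorithm is in SigAlg.
        q = parse_qs(urlsplit(redirect_url).query)
        xml = zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15)
        alg = q.get("SigAlg", [None])[0]
    else:
        # HTTP-POST binding: XML is base64 only, algorithm is in ds:SignatureMethod.
        xml = base64.b64decode(post_b64)
        alg = None
    # Constructed, trusted sample input; use a hardened parser (e.g. defusedxml) on live traffic.
    root = ET.fromstring(xml)
    if alg is None:
        node = root.find(f".//{DS}SignatureMethod")
        alg = node.get("Algorithm") if node is not None else None
    return root.findtext(f"{SAML}Issuer"), alg

def diagnose(expected_alg, **request):
    """Compare the request's algorithm with the one the IdP trust expects."""
    issuer, actual = inspect_request(**request)
    return {"issuer": issuer, "actual": actual, "expected": expected_alg,
            "mismatch": actual != expected_alg,  # the condition Event ID 378 reports
            "sha1_involved": RSA_SHA1 in (actual, expected_alg)}  # legacy algorithm on either side

# Constructed sample AuthnRequest (hypothetical issuer), not captured traffic.
SAMPLE_XML = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0">'
              b'<saml:Issuer>https://sp.example.test/saml/metadata</saml:Issuer></samlp:AuthnRequest>')

def sample_redirect_url(sig_alg=RSA_SHA256):
    """Build a constructed HTTP-Redirect request URL (signature value is a placeholder)."""
    c = zlib.compressobj(wbits=-15)
    deflated = c.compress(SAMPLE_XML) + c.flush()
    return "https://adfs.example.test/adfs/ls/?" + urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode(),
        "SigAlg": sig_alg, "Signature": "PLACEHOLDER"})

if __name__ == "__main__":
    print(diagnose(RSA_SHA1, redirect_url=sample_redirect_url()))
```

`sha1_involved` marks either side still using `rsa-sha1`, so aligning both sides on `rsa-sha256` clears both the mismatch and that flag.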
