Channel: Directory Services forum

ADFS SSO and SAML


We use a third-party application that is currently using CAS for SSO. We want the application to use ADFS SSO.

I followed tons of articles on the Internet on setting it up right because the vendor didn't have any documentation on how to make it work with ADFS. They support simple SAML authentication and need the attribute to be passed on as "NameID". The attribute to use from Active Directory is the sAMAccountName.

So this was what was done:

1. Created a relying party trust with the endpoint set to point to the vendor's SAML link, with binding set to "POST". SHA-1 was used.

2. Created an issuance transform rule that used the LDAP attribute "SAM-Account-Name" and outgoing claim type "NameID".

This doesn't work. The vendor says that they see the SAML connection from our end but the value being passed is NULL. A trace from Fiddler shows:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" />

So basically, here is what we need:

Pass the sAMAccountName from Active Directory to their SAML service as "NameID". Can someone please advise on how exactly this can be done?
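
One way to inspect the messages behind this error, as an added example that is not part of the original post: it decodes the SAMLRequest the vendor's application sends and the SAMLResponse ADFS returns (as copied from a Fiddler trace), then reports the `NameIDPolicy` Format that was requested next to the status codes and NameID that came back. In SAML 2.0, `InvalidNameIDPolicy` means the responder cannot or will not support the requested name identifier policy, so these are the values to compare. The function names, sample messages and the Format value are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
import zlib

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_saml(value, deflated=False):
    """Decode a URL-decoded SAMLRequest/SAMLResponse parameter into an XML element.
    POST binding is plain base64; Redirect binding adds raw DEFLATE."""
    raw = base64.b64decode(value)
    if deflated:
        raw = zlib.decompress(raw, -15)  # -15 = raw DEFLATE, no zlib header
    return ET.fromstring(raw)  # use only on traces from your own environment

def requested_format(authn_request):
    """Format the SP demands in <samlp:NameIDPolicy>, or None if it sets no policy."""
    policy = authn_request.find(f"{{{P}}}NameIDPolicy")
    return None if policy is None else policy.get("Format")

def summarize_response(response):
    """Status codes (outermost first) plus the NameID the IdP issued, if any."""
    status = response.find(f"{{{P}}}Status")
    codes = [] if status is None else [c.get("Value") for c in status.iter(f"{{{P}}}StatusCode")]
    name_id = response.find(f".//{{{A}}}NameID")
    return {
        "status": codes,
        "nameid_format": None if name_id is None else name_id.get("Format"),
        "nameid": None if name_id is None else name_id.text,
    }

def policy_rejected(summary):
    """True when any status code in the response is InvalidNameIDPolicy."""
    return any(c.endswith(":InvalidNameIDPolicy") for c in summary["status"])

# Constructed sample messages (not captured traffic); the Format value is an assumption.
SAMPLE_REQUEST = base64.b64encode(zlib.compress(  # [2:-4] strips zlib header/checksum
    f'<samlp:AuthnRequest xmlns:samlp="{P}" ID="_constructed1" Version="2.0">'
    '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>'
    '</samlp:AuthnRequest>'.encode())[2:-4]).decode()
SAMPLE_RESPONSE = base64.b64encode(
    f'<samlp:Response xmlns:samlp="{P}" ID="_constructed2" Version="2.0"><samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>'
    '</samlp:StatusCode></samlp:Status></samlp:Response>'.encode()).decode()

if __name__ == "__main__":
    print("requested:", requested_format(decode_saml(SAMPLE_REQUEST, deflated=True)))
    print("response:", summarize_response(decode_saml(SAMPLE_RESPONSE)))
```

If the request carries a `NameIDPolicy` Format, that is the value the NameID issued by the claim rule has to be checked against.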

