@twhitehead wrote:
I’m testing SAML authentication with Orchestrator 2019.10.15 in a private setup. It appears the claims are being created appropriately, but when being redirected back to the Orchestrator instance, access is denied. A support ticket has been opened, but I am wondering if anyone in the community has experience with this or troubleshooting ADFS / SAML (I have no access to the ADFS and rely on another internal team for configuring that side).
<add key="ExternalAuth.Saml2.Enabled" value="true" />
has been added within <appSettings>
as has the following within <configSections>
<sustainsys.saml2 entityId="https://urltoorch" returnUrl="https://urltoorch">
  <identityProviders>
    <add entityId="https://sts.windows.net/...id..."
         signOnUrl="https://login.microsoftonline.com/...id.../saml2"
         allowUnsolicitedAuthnResponse="true"
         binding="HttpRedirect">
      <signingCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindByThumbprint" findValue="B...3"/>
    </add>
  </identityProviders>
</sustainsys.saml2>
The claims are coming back with several attributes: givenname, surname, emailaddress, sAMAccountName, etc. The redirect is ending up at
/Account/ExternalLoginCallback?ReturnUrl=%2F&mayRegisterTenant=False&error=access_denied
I’ve tried both creating a local user account in Orchestrator with various username formats as well as with an account added via Windows Auth that is created in the format of samaccountname@domain.
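An added diagnostic example (not part of the original post, and not UiPath or Sustainsys code): it decodes a base64 SAMLResponse as captured from the browser's form POST back to the service provider, and lists the issuer, NameID and attributes so they can be compared with the identity provider entityId in the configuration and with the usernames created in Orchestrator. The function name, the sample response and all values in it are constructed, the HTTP-POST response binding is an assumption, and which value the application matches users on is not stated in the post.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not captured from any real identity provider).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.test/constructed</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://idp.example.test/constructed</saml:Issuer>
    <saml:Subject><saml:NameID>jdoe@example.test</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>john.doe@example.test</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="sAMAccountName">
        <saml:AttributeValue>jdoe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def summarize_saml_response(b64_response, configured_idp_entity_id):
    """Decode a SAMLResponse form value and list what the service provider receives.
    Diagnostic only: no signature, audience or time-window validation is done."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (encrypted or error response)")
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    name_id = assertion.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS)
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return {
        "issuer": issuer,
        "issuer_matches_config": issuer == configured_idp_entity_id,
        "name_id": name_id,
        "attributes": attrs,
    }


if __name__ == "__main__":
    print(summarize_saml_response(SAMPLE_B64, "https://idp.example.test/constructed"))
```

A decoded response contains personal data and a replayable assertion while it is still within its validity window, so handle captures accordingly.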