We are a PingFederate shop, but have recently set up a subsidiary using ADFS for 
federation (2012 R2 ADFS 3.0). My experience with that is limited. The Office 365 
connection is fine, but I was setting up a relying party trust with a SaaS provider 
and ran into an issue. The SAML response ADFS generates omits the "saml" 
namespace prefix on the XML elements, which I believe is allowed by the SAML 
2.0 spec, but the vendor is coded to require them:

*******our ADFS generated response************
<Issuer 
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://sts.acme.com/adfs/services/trust</Issuer>
<samlp:Status>
  <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<Assertion ID="_b4d9xxxxb-4ef2-494e-xxxx-d21c34018935" 
IssueInstant="2016-11-15T19:47:36.217Z" Version="2.0" 
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">


*******Vendor expected response************
<Saml:Issuer 
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://sts.acme.com/adfs/services/trust</Issuer>
<samlp:Status>
  <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<Saml:Assertion ID="_b4d9xxxxb-4ef2-494e-xxxx-d21c34018935" 
IssueInstant="2016-11-15T19:47:36.217Z" Version="2.0" 
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">


So far my Google search has turned up a few things related to this, but nothing 
that talks about ADFS.  Has anyone run into this before? Is there a way to get 
ADFS to add the namespace prefix to the elements?

Thanks


Christopher Bodnar
Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com


The Guardian Life Insurance Company of America

www.guardianlife.com
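
Added example, not part of the original message and not ADFS or vendor code: it parses two constructed serializations of the same assertion, one using a default namespace as in the ADFS output above and one using a `saml:` prefix, and shows that a namespace-aware consumer sees identical elements while a prefix-matching lookup fails. It also shows that the canonical bytes differ between the two forms, which is why prefixes cannot be rewritten on an already signed assertion without re-signing. Assumptions: `naive_issuer` is a hypothetical stand-in for prefix-dependent vendor parsing, and ElementTree's C14N 2.0 is used here in place of the exclusive C14N normally used for SAML signatures (both keep prefixes as written).

```python
import hashlib
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed samples modeled on the post: same assertion, two serializations.
DEFAULT_NS_FORM = (
    f'<Assertion xmlns="{SAML_NS}" ID="_example" Version="2.0">'
    "<Issuer>http://sts.acme.com/adfs/services/trust</Issuer></Assertion>"
)
PREFIXED_FORM = (
    f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_example" Version="2.0">'
    "<saml:Issuer>http://sts.acme.com/adfs/services/trust</saml:Issuer>"
    "</saml:Assertion>"
)

def expanded_names(xml_text):
    """Return (namespace-qualified tag, text) for every element, in document order."""
    root = ET.fromstring(xml_text)
    return [(el.tag, (el.text or "").strip()) for el in root.iter()]

def issuer(xml_text):
    """Namespace-aware lookup: matches on namespace URI + local name, not prefix."""
    node = ET.fromstring(xml_text).find(f"{{{SAML_NS}}}Issuer")
    return node.text if node is not None else None

def naive_issuer(xml_text):
    """Hypothetical prefix-dependent lookup (assumed vendor-style parsing)."""
    start = xml_text.find("<saml:Issuer>")
    if start < 0:
        return None
    start += len("<saml:Issuer>")
    return xml_text[start:xml_text.find("</saml:Issuer>")]

def canonical_digest(xml_text):
    """SHA-256 over the canonical form; canonicalization keeps prefixes as written."""
    return hashlib.sha256(ET.canonicalize(xml_text).encode()).hexdigest()

if __name__ == "__main__":
    print("same infoset:", expanded_names(DEFAULT_NS_FORM) == expanded_names(PREFIXED_FORM))
    print("namespace-aware:", issuer(DEFAULT_NS_FORM), "| naive:", naive_issuer(DEFAULT_NS_FORM))
    print("same digest:", canonical_digest(DEFAULT_NS_FORM) == canonical_digest(PREFIXED_FORM))
```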




