Support Article
Unable to process the SAML WebSSO request
SA-73808
Summary
After setting up a new SAML authentication configuration that uses Azure Active Directory (Azure AD) instead of the Ping Federated Single Sign-on (SSO), an error related to pyUserIdentifier occurs.
Error Messages
Unable to process the SAML WebSSO request: No value specified for attribute mapped to pyUserIdentifier property
Steps to Reproduce
Log in to the application through the Azure backend servlet.
Root Cause
The attribute configuration at the Azure level added a namespace to the attribute name.
This generated the following attribute:
<Attribute Name="urn:oasis:names:tc:SAML:2.0:attrname-format:basic/User_ID">
<AttributeValue>UserID</AttributeValue>
</Attribute>
The mapping on the AuthService rule used the below:
User_ID to pyUserIdentifier
At runtime, an attribute with the name 'User_ID' was not found because the attribute name in the SAMLResponse was 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic/User_ID'.
Resolution
Perform the following local change:
Modify the Azure attribute configuration so that the attribute name does not include the namespace:
<Attribute Name="User_ID">
<AttributeValue>UserID</AttributeValue>
</Attribute>
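To check which attribute names a captured SAMLResponse actually carries, before and after the Azure change, the following added example (not part of the original article or the product) parses the assertion and compares the names against the AuthService mapping. The sample XML, the function names and the "prefixed" classification are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample fragment, using the attribute shown in this article.
# For offline troubleshooting of a captured response; no signature validation.
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oasis:names:tc:SAML:2.0:attrname-format:basic/User_ID">
      <saml:AttributeValue>UserID</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def attribute_names(xml_text):
    """Return {Name: [values]} for every Attribute element in the document."""
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iter("{%s}Attribute" % ASSERTION_NS):
        values = [v.text or "" for v in attr.findall("{%s}AttributeValue" % ASSERTION_NS)]
        found[attr.get("Name", "")] = values
    return found

def check_mapping(xml_text, mapped):
    """Classify each mapped attribute name as ok, empty, prefixed or missing."""
    attrs = attribute_names(xml_text)
    report = {}
    for name in mapped:
        if name in attrs:
            status = "ok" if any(attrs[name]) else "empty"
            report[name] = (status, name)
            continue
        # The lookup is by exact name, so "<namespace>/<name>" does not match.
        near = [n for n in attrs if n.endswith("/" + name)]
        report[name] = ("prefixed", near[0]) if near else ("missing", None)
    return report

if __name__ == "__main__":
    # "User_ID" is the name mapped to pyUserIdentifier in this article.
    for name, (status, actual) in check_mapping(SAMPLE, ["User_ID"]).items():
        print(f"{name}: {status} (assertion carries: {actual})")
```

A "prefixed" result corresponds to the root cause described above; after the Azure configuration is corrected, the same check reports "ok".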
Published March 21, 2019 - Updated October 8, 2020