由于元数据不匹配, SAML 身份验证被拒绝
适用场景
- System Manager 9.7
- Microsoft ADFS
问题描述
- 无法通过SAML向System Manager进行身份验证、因为Idp元数据不包含电子邮件地址
-
/mroot/etc/shibboleth/shibd.log
包含以下错误:
[kern_shibd:info:9583] ERROR OpenSAML.MetadataProvider.XML : metadata instance failed manual validation checking: EmailAddress must have TextContent
[kern_shibd:info:9583] WARN Shibboleth.SessionInitiator.SAML2 [1] [default]: unable to locate metadata for provider (https://sts.iconplc.com/adfs/services/trust)
Unknown or Unusable Identity Provider The identity provider supplying your login credentials is not authorized for use with this service or does not support the necessary capabilities