Azure AD is getting URL not application identifier
I created an enterprise application but am getting error AADSTS700016 saying that the application identifier was not found in the tenant's directory. It is giving the URL of my web site as the application identifier, not the actual application identifier. I see where the Directory (tenant) ID is in the SSO URL:
https://login.microsoftonline.com/
I have tried putting the application id in the field "Identity Provider Entity ID", but that isn't showing up in the error message. The URL for my website is.
Where are you finding these settings? I don’t see them on the configuration page for the plugin.
From: Tobiko88 Sent: Sunday, April 9, 2023 4:44 AM To: derricksmith/phpsaml Cc: Frank Fernandez; Author Subject: Re: [derricksmith/phpsaml] Azure AD is getting URL not application identifier (Issue #131)
Had the same problem. Change SSO Type to Generic and change the common in the Authorize URL and AccessToken URL to your Azure Tenant ID. Then it should work.
It would be very nice to add this to the Wiki.
To be specific, the PHP SAML configuration page has these settings: Plugin Enforced, Strict, Debug, Just In Time Provisioning, Service Provider Certificate, Service Provider Key, Name ID Format, IdP Entity ID, IdP SSO URL, IdP Single Logout Service, IdP X509 Certificate, Requested Authn Context, Req Authn Comparison, Encrypt NameID, Sign Auth Reqs, Sign Logout Reqs, Sign Logout Response.
The Azure tenant is our university and I am accessing the IdP SSO login URL as https://login.microsoftonline/put-tenant-id-here/saml2. I have tried putting the application ID in the IdP entity ID, but it still is using the URL of our web site.
Hi Frank, sorry, I deleted my post because I mixed up the two plugins
phpsaml and singlesignon (from Edgard Lorraine Messias).
I figured out how it works; I only have one problem with the transport of the email address for JIT.
Have a look at the phpsaml.xml https://github.com/derricksmith/phpsaml/blob/master/phpsaml.xml
there you can download the version 1.2.1 https://github.com/derricksmith/phpsaml/archive/1.2.1.zip
Put it in the plugins folder as "phpsaml" then you can install the Plugin and configure it.
I had the problem that I wasn't able to save the settings from the configuration page. So I changed everything in the table "glpi_plugin_phpsaml_configs".
Then you should have every information in the readme.md or in the wiki https://github.com/derricksmith/phpsaml/wiki
Now I get the error: "JIT Error: Unable to create user because missing claims (emailaddress)"
OK, I found my solution:
The Name ID Format must be set as Email Address and the Requested Authn Context to X509.
Now it works as expected :)
I am still getting the error that “ Application with identifier
~ Frank
This is the most basic Azure configuration...

@derricksmith maybe we should post this or a similar image in the readme with some configuration comments. For instance, what bindings to use (if someone needs to configure them manually).
No more activity, I suggest we close this issue.
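
Added example, not part of the thread or of the phpsaml code base: Azure AD looks the application up by the `Issuer` element of the SAML AuthnRequest, so AADSTS700016 quotes whatever the service provider sent there, and that value has to match the Identifier (Entity ID) set on the enterprise application. This Python sketch decodes a `SAMLRequest` from an HTTP-Redirect login URL and compares its Issuer with the configured identifier; the redirect binding, the host `glpi.example.edu`, the all-zero GUIDs and the sample request are constructed assumptions.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def encode_redirect_request(xml: str) -> str:
    """Raw DEFLATE + base64 + URL-encode, as the HTTP-Redirect binding does."""
    deflater = zlib.compressobj(wbits=-15)
    raw = deflater.compress(xml.encode()) + deflater.flush()
    return urllib.parse.quote(base64.b64encode(raw).decode(), safe="")

def issuer_from_redirect_url(url: str) -> str:
    """Return the Issuer that the IdP will treat as the application identifier."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    if "SAMLRequest" not in query:
        raise ValueError("URL carries no SAMLRequest parameter")
    xml = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)
    # Only parse requests captured from your own service provider here.
    issuer = ET.fromstring(xml).find(f"{{{SAML_ASSERTION_NS}}}Issuer")
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest has no Issuer element")
    return issuer.text.strip()

def check_identifier(url: str, azure_identifier: str):
    """Compare the request Issuer with the Identifier (Entity ID) set in Azure."""
    issuer = issuer_from_redirect_url(url)
    # The match is on the exact string, so a trailing slash matters.
    return issuer, issuer == azure_identifier

# Constructed sample: the service provider sends its own site URL as Issuer.
SAMPLE_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    'Version="2.0" IssueInstant="2023-04-09T00:00:00Z">'
    "<saml:Issuer>https://glpi.example.edu/</saml:Issuer>"
    "</samlp:AuthnRequest>"
)
SAMPLE_URL = (
    "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
    "/saml2?SAMLRequest=" + encode_redirect_request(SAMPLE_REQUEST)
)

if __name__ == "__main__":
    # Placeholder application ID entered as the identifier: does not match.
    print(check_identifier(SAMPLE_URL, "00000000-0000-0000-0000-000000000000"))
    # Site URL entered as the identifier in Azure: matches the Issuer.
    print(check_identifier(SAMPLE_URL, "https://glpi.example.edu/"))
```

To check a real login attempt, copy the redirect URL from the browser's network tab and pass it to `check_identifier` together with the Identifier shown on the enterprise application's SAML configuration page.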