question

AnandShrivastava-3222 asked

How to fix the error Failed to add a SAML/WS-Fed identity provider?

I am working on editing a SAML/WS-Fed IdP federation relationship in the Microsoft Azure portal.

After logging in to the Azure portal, I went to the External Identities menu and clicked on the add new identity provider option. There I clicked on add New SAML/WS-Fed IdP.

Then the new form opened and I attached the federation XML, but when I clicked on the Save button I got the "Failed to add a SAML/WS-Fed identity provider" error. [screenshot]


azure-ad-saml-sso

sikumars-msft answered

Hello @AnandShrivastava-3222,

Thanks for reaching out.

Are you trying to add one of your Azure AD tenants as a SAML/WS-Fed identity provider? If so, then this is expected behavior, whereas Azure Active Directory users with an Azure Active Directory account can be invited via email and sign in without further configuration. They can also use self-service sign-up with user flows.

To learn more about identity providers for External Identities, refer to this article.

Hope this helps.

Regards,
Siva


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


@sikumars-msft, thanks for your reply.

I am able to invite individual users through email, and they are then able to do single sign-on.

But when I wanted to give access to the members of one of the organisations, who have shared their federation XML with me, I was not able to. I cannot send the invitation to each member of the organisation.

My understanding is that I have to add the organisation's federation XML, as I am trying to do through the New SAML/WS-Fed IdP form, but I am stuck on the above error.

sikumars-msft replied to AnandShrivastava-3222

Sorry for the delayed response.

Are you getting any error while sending out the invite? External Identities is meant for third-party IdPs who have neither an Azure AD tenant nor a Microsoft Live account. Therefore, if the partner organization has an Azure AD tenant, then you must use the invite method; if there are multiple collaboration requests, then you can use the bulk invite Azure AD B2B method as explained in this article.

It seems that your organization members shared the federation metadata (XML file) of one of their Azure AD tenants, which is not a supported scenario with B2B External Identities, as I mentioned earlier: "Azure Active Directory users with an Azure Active Directory account can be invited via email and sign in without further configuration".

Look at your screenshot: the Issuer URI is https://sts.windows.net/tenantID/, which indicates that the XML file belongs to an Azure AD tenant. [image]

Hope this helps.



Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


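The issuer check described in the reply above, as an added example that is not part of the original thread or of any Microsoft tooling: it reads the `entityID` (Issuer URI) from a federation metadata file before upload and flags an `https://sts.windows.net/...` issuer, which the reply identifies as belonging to an Azure AD tenant. The function names, labels and sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Issuer host that the reply above says marks an Azure AD tenant.
AZURE_AD_ISSUER_HOST = "sts.windows.net"


def issuer_uris(metadata_xml: str) -> list:
    """Return every entityID (Issuer URI) declared in a metadata document."""
    # Partner-supplied XML is untrusted input: refuse DTDs before parsing.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("federation metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml)
    # iter() also yields the root, so this covers a single EntityDescriptor
    # as well as an EntitiesDescriptor that wraps several of them.
    nodes = root.iter(f"{{{MD_NS}}}EntityDescriptor")
    return [n.get("entityID") for n in nodes if n.get("entityID")]


def classify(metadata_xml: str) -> dict:
    """Label each issuer as 'azure-ad-tenant' or 'third-party-idp'."""
    labels = {}
    for uri in issuer_uris(metadata_xml):
        # Compare the parsed host exactly; a prefix or substring match would
        # mislabel look-alike hosts such as sts.windows.net.other.example.
        host = (urlsplit(uri).hostname or "").lower()
        is_aad = host == AZURE_AD_ISSUER_HOST
        labels[uri] = "azure-ad-tenant" if is_aad else "third-party-idp"
    return labels


# Constructed sample metadata (placeholder tenant ID and hostnames).
AZURE_SAMPLE = (
    f'<EntityDescriptor xmlns="{MD_NS}" '
    'entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/"/>'
)
MIXED_SAMPLE = (
    f'<EntitiesDescriptor xmlns="{MD_NS}">'
    '<EntityDescriptor entityID="https://idp.partner.example/saml"/>'
    '<EntityDescriptor entityID="https://sts.windows.net.other.example/x/"/>'
    "</EntitiesDescriptor>"
)

if __name__ == "__main__":
    for sample in (AZURE_SAMPLE, MIXED_SAMPLE):
        for uri, label in classify(sample).items():
            print(f"{label:16} {uri}")
```

An `azure-ad-tenant` result corresponds to the case the reply calls unsupported for SAML/WS-Fed federation, where the invite method applies instead.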
JoeyReece-6614 answered

I'm having a similar issue and getting the same error. I am trying to set up a B2B relationship with our MSP for Sentinel and receive the same error. They are hosted in GSuite/Workspace. Can an MSP that wants to set up SSO for clients using Azure AD have multiples of that? @sikumars-msft


JanardhanMatheti-7722 answered

I am also having the same issue. Here I am trying to add our own IdP, which uses its own user store, and the IdP is SAML 2p compliant.
