BrianStringfellow-3596 asked BrianStringfellow-3596 answered

ADFS claim rules help

Hello,
I am trying to configure a monitoring software called "Zabbix" to use our ADFS system for SSO. However, I am having trouble getting it to work, and I believe it comes down to missing or incorrect claim rules.
This is how I have it set up on Zabbix:

131661-zabbix1.png



However, I keep getting the error, The parameter "UPN" is missing from the user attributes.

I have also tried uid and samaccountname instead of UPN, but I receive the same error for those (with uid or samaccountname replacing UPN in the error).

Do I need to create a claim rule to get rid of this error and if so, what is the proper syntax?
Thank you

adfs

piaudonn answered piaudonn converted comment to answer

Do I need to create a claim rule to get rid of this error ...

You might. But they (the SP) should tell you what to send.

You need to know if you need a NameID. If so, in what format.
Then you need to know what claims you need to send. You need the exact claim type. For example, for UPN, you can send a claim that is exactly "UPN" with the user principal name of the user.




Hello,
We have a claims rule for NameID already. This appears to work, but it will not accept anything I put in the username attribute field.

piaudonn BrianStringfellow-3596 ·

it will not accept anything I put in the username attribute field

I don't know what you mean. Can you copy/paste config and error messages? It will help us to better understand what you might need.


Hello,
This is the error message I get:

132387-zabbix2.png




BrianStringfellow-3596 answered

I was able to get it to work. It turns out I needed to translate the LDAP claims with this rule:

132478-image.png

When I added "samaccountname" in the username attribute field above, I was able to sign in with SAML.



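Added example, not part of the thread and not Zabbix or AD FS code: a Python script that lists the attribute names a SAML assertion carries and checks whether the name typed into the SP's username attribute field is present exactly, following the advice above to send the exact claim type. The assertion, the user jdoe and the function names are constructed for illustration; the URI shown is the default AD FS claim type for UPN. The script is a diagnostic only and does not validate signatures.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the UPN is sent under the default AD FS claim-type URI,
# the account name under a short attribute name.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>jdoe</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="samaccountname">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def attributes(assertion_xml):
    """Return {attribute Name: [values]} from a SAML 2.0 assertion."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        found.setdefault(attr.get("Name", ""), []).extend(values)
    return found


def check_username_attribute(assertion_xml, wanted):
    """Look up `wanted` by exact name (assumed SP behaviour) and explain a miss."""
    attrs = attributes(assertion_xml)
    if wanted in attrs:
        return ("ok", attrs[wanted])
    # Near misses: same name in another case, or a claim URI ending in the name.
    near = [n for n in attrs
            if n.lower() == wanted.lower()
            or n.lower().rsplit("/", 1)[-1] == wanted.lower()]
    return ("missing", near)


if __name__ == "__main__":
    for name in ("UPN", "samaccountname", "uid"):
        print(name, check_username_attribute(SAMPLE_ASSERTION, name))
```

A "missing" result with a non-empty near-miss list means the value is being issued, but under a different attribute name than the one configured on the SP side.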