Hi,
I am trying to configure OpenAM as a SAML2.0 IDP for my application. I added a self-hosted IDP and a Remote SP (my application).
The NameID format is set to unspecified, but I am still getting the “HTTP Status 500 - Unable to do Single Sign On or Federation.” error.
The stack trace shows:
ERROR: IDPSSOFederate.generateAssertionResponseUnable to do sso or federation.
com.sun.identity.saml2.common.SAML2Exception: Unable to generate NameID value.
The full stack trace is given below:
libSAML2:07/05/2022 07:54:05:162 PM UTC: Thread[http-nio-8080-exec-12,5,main]: TransactionId[adc6470f-50e8-4001-a1c5-5511c3ca094b-3154054]
getAttributeValueFromSSOConfig: values=null
libSAML2:07/05/2022 07:54:05:162 PM UTC: Thread[http-nio-8080-exec-12,5,main]: TransactionId[adc6470f-50e8-4001-a1c5-5511c3ca094b-3154054]
AccountUtils.getAccountFederation:
libSAML2:07/05/2022 07:54:05:162 PM UTC: Thread[http-nio-8080-exec-12,5,main]: TransactionId[adc6470f-50e8-4001-a1c5-5511c3ca094b-3154054]
AccountUtils.getAccountFederation : user does not have any account federations.
libSAML2:07/05/2022 07:54:05:162 PM UTC: Thread[http-nio-8080-exec-12,5,main]: TransactionId[adc6470f-50e8-4001-a1c5-5511c3ca094b-3154054]
ERROR: IDPSSOFederate.generateAssertionResponseUnable to do sso or federation.
com.sun.identity.saml2.common.SAML2Exception: Unable to generate NameID value.
at com.sun.identity.saml2.plugins.DefaultIDPAccountMapper.getNameID(DefaultIDPAccountMapper.java:104)
at com.sun.identity.saml2.profile.IDPSSOUtil.getSubject(IDPSSOUtil.java:1585)
at com.sun.identity.saml2.profile.IDPSSOUtil.getAssertion(IDPSSOUtil.java:1000)
at com.sun.identity.saml2.profile.IDPSSOUtil.getResponse(IDPSSOUtil.java:812)
at com.sun.identity.saml2.profile.IDPSSOUtil.sendResponseToACS(IDPSSOUtil.java:469)
at org.forgerock.openam.saml2.UtilProxySAMLAuthenticator.generateAssertionResponse(UtilProxySAMLAuthenticator.java:500)
I am not sure what’s wrong with the configuration. Thanks in advance.
Thanks,
Lokesh