
Azure AD IDP
Hi,
Environment: IG 3.6.2, RHEL 8.1 and Oracle 19c.
We are planning to move SSO from NAM to Azure AD. I tried adding the metadata URL and I am getting the following error on configupdate:
[Fatal Error] :1:1: Content is not allowed in prolog.
Error saving configuration
Authentication Method: 'Load on save': Unable to load SAML 2.0 metadata from the IDP: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
I have also tried to paste the metadata, but got the same error. Any idea on how to change the SAML 2.0 to use AAD?
Thanks
nihii

In my experience, the SAML metadata from anything Microsoft (ADFS/Azure) is not "standard SAML", and you may need to edit/modify it by hand to get NAM to read it correctly.
I vaguely remember doing this between ADFS and NAM a couple years back and I had to strip out all the certificate and signing values, and a couple tags and add in the appropriate certificate in the metadata before NAM would consume it.
I'm not sure if Azure AD is using the same tricks as ADFS from a few years ago, so your mileage may vary.
--Jim
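
Added example, not part of either post: a Python check of the metadata bytes for the condition the SAXParseException above reports (something other than `<` as the first character, such as a UTF-8 byte-order mark or a non-XML response), followed by a summary of the signature and signing-certificate elements the reply mentions editing. The sample metadata, the entity ID and the function names are constructed for illustration.

```python
import codecs
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: metadata saved with a UTF-8 byte-order mark in front.
SAMPLE = codecs.BOM_UTF8 + b"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.invalid/constructed">
  <ds:Signature/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>CONSTRUCTED</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def prolog_problem(data: bytes):
    """Name what sits before the first '<', or return None if nothing does."""
    if data.startswith(codecs.BOM_UTF8):
        return "utf8-bom"
    if not data.startswith(b"<"):
        return "non-xml-start"  # e.g. JSON or plain-text response, stray characters
    return None


def summarize(data: bytes) -> dict:
    """Parse metadata (BOM removed) and report what it carries."""
    if data.startswith(codecs.BOM_UTF8):
        data = data[len(codecs.BOM_UTF8):]
    # SAML metadata needs no DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD found in metadata; refusing to parse")
    root = ET.fromstring(data)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    keys = [] if idp is None else idp.findall(f"{{{MD}}}KeyDescriptor")
    signing = [k for k in keys if k.get("use") in (None, "signing")]
    certs = sum(len(k.findall(f".//{{{DS}}}X509Certificate")) for k in signing)
    return {"entityID": root.get("entityID"),
            "signed": root.find(f"{{{DS}}}Signature") is not None,
            "signing_certs": certs}


if __name__ == "__main__":
    print(prolog_problem(SAMPLE), summarize(SAMPLE))
```

Run it against the bytes exactly as downloaded or pasted, before any editor has re-saved them, since re-saving can add or remove the byte-order mark.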