Overview
When using SAML login with ADFS, NameID must map to userPrincipalName.
Explanation
Claims mapping in ADFS: userPrincipalName to Email Address; Email Address to NameID.
The userPrincipalName (UPN) in the SAML request must match the principal name in the SAML response after authentication. That is, the NameID should map to the UPN. However, the UPN may or may not be the same as the email address, so the minimum information required in the claim is just the UPN mapped to NameID.
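To confirm which value ADFS actually places in NameID, the following added example (not part of the original article or any vendor tooling) inspects a decoded assertion and reports whether NameID carries the UPN or the email address. The sample assertion, the user values, the function names, the case-insensitive comparison, and the presence of the UPN and email attributes in the assertion are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample assertion (not captured from a real ADFS server).
# The UPN and the email address deliberately differ.
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>{nameid}</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{upn}"><saml:AttributeValue>jdoe@corp.example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{email}"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def build_sample(nameid):
    """Return the constructed assertion with the given NameID value."""
    return TEMPLATE.format(nameid=nameid, upn=UPN_CLAIM, email=EMAIL_CLAIM)

def check_nameid(assertion_xml, expected_upn):
    """Classify the NameID of an already signature-validated, decoded assertion.

    Returns "ok", "nameid-is-email", "mismatch" or "missing-nameid".
    """
    root = ET.fromstring(assertion_xml)
    nameid = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs[attr.get("Name")] = value.strip()
    if not nameid:
        return "missing-nameid"
    # Assumption: UPNs are compared case-insensitively.
    if nameid.casefold() == expected_upn.casefold():
        return "ok"  # also covers the case where UPN and email are identical
    email = attrs.get(EMAIL_CLAIM, "")
    if email and nameid.casefold() == email.casefold():
        return "nameid-is-email"  # claim rule maps email, not UPN, to NameID
    return "mismatch"

if __name__ == "__main__":
    for candidate in ("jdoe@corp.example.com", "jane.doe@example.com", "svc-account"):
        print(candidate, "->", check_nameid(build_sample(candidate), "jdoe@corp.example.com"))
```

A result of "nameid-is-email" points to the two-step mapping (UPN to Email Address, Email Address to NameID) having picked up a mail value that differs from the UPN.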