ADFS SAML 2.0 Considerations in Workfront


Discusses items to consider or be aware of when using Active Directory Federation Services (ADFS) as their SAML 2.0 provider. 


This reference discusses two common questions that arise when usingADFS and SAML 2.0. 

Example 1

SAML 2.0 Error: Primary StatusCode: urn:oasis:names:tc:SAML:2.0:status:Responder Secondary StatusCode: None

The ADFS Relying Party Trust > Advanced tab > needs to be configured for Secure Hash Algorithm of SHA-1. ADFS defaults to SHA-256 which will return the above error with Workfront.

Example 2

SAML 2.0 Authentication Failed: User identifier not found

The ADFS Relying Party Trust needs to have a Claim Rule defined. The Claim needs to be configured to send back an identifying attribute of a Name ID or UID element. This can be an email address, a unique ID string, etc.