ADFS SAML 2.0 Considerations in Workfront

This article addresses two common errors that can occur when using ADFS with the SAML 2.0 protocol as a Single Sign-On solution in Workfront, and offers a solution for each case.

Example 1

You receive the following error:
SAML 2.0 Error: Primary StatusCode: urn:oasis:names:tc:SAML:2.0:status:Responder Secondary StatusCode: None

In ADFS, open the Relying Party Trust and, on the Advanced tab, set the Secure Hash Algorithm to SHA-1. ADFS defaults to SHA-256, which returns the above error with Workfront.

Example 2

You receive the following error:
SAML 2.0 Authentication Failed: User identifier not found

The ADFS Relying Party Trust needs to have a Claim Rule defined. The claim must be configured to send back an identifying attribute as a Name ID or UID element. This can be an email address, a unique ID string, etc.
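
Both fixes above can also be checked and applied from PowerShell on the ADFS server. The following is an added example, not part of the original article or Workfront's own tooling; it assumes the relying party trust is named "Workfront" and that the Active Directory `mail` attribute is the identifier Workfront expects.

```powershell
# Added example. Assumptions: trust name "Workfront"; AD "mail" attribute is the user identifier.
$rpName = 'Workfront'

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# Record the current settings before changing anything.
$rp | Select-Object Name, SignatureAlgorithm, IssuanceTransformRules | Format-List

# Example 1: the Advanced tab's Secure Hash Algorithm maps to SignatureAlgorithm.
$sha1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
if ($rp.SignatureAlgorithm -ne $sha1) {
    Set-AdfsRelyingPartyTrust -TargetName $rpName -SignatureAlgorithm $sha1
}

# Example 2: issue the user's mail attribute as the Name ID claim.
$nameIdRule = @'
@RuleName = "Send mail as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

# -IssuanceTransformRules replaces the whole rule set, so append to the
# existing rules, and only when no Name ID rule is already present.
if ($rp.IssuanceTransformRules -notmatch 'claims/nameidentifier') {
    $rules = (($rp.IssuanceTransformRules, $nameIdRule) -join "`r`n").Trim()
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules
}

# Confirm the result.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, SignatureAlgorithm, IssuanceTransformRules | Format-List
```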