
Azure AD SSO Integration Error

When I try to create a SAML request for https://login.microsoftonline.com/xxxxx-xxxx-xxxx-xxxxx/saml2?SAMLRequest=[redirect-encoded SAMLRequest]

I get the following error message:

Request Id: xxxxxxxx-xxxx-446a-a8c8-84a3477d0600
Correlation Id: xxxxxxxx-xxxx-465d-83d9-6be5c98abec5
Timestamp: 2019-03-05T00:53:02Z
Message: AADSTS7500529: The value ‘817ef7d6-89a8-4367-8e41-39b1559305cd’ is not a valid SAML ID.

This GUID, 817ef7d6-89a8-4367-8e41-39b1559305cd, was generated with java.util.UUID. However, Azure AD expects an XML ID, which has to meet the following requirement from the SAML 2.0 core specification:

1.3.4 ID and ID Reference Values

The xs:ID simple type is used to declare SAML identifiers for assertions, requests, and responses. Values declared to be of type xs:ID in this specification MUST satisfy the following properties in addition to those imposed by the definition of the xs:ID type itself:

• Any party that assigns an identifier MUST ensure that there is negligible probability that that party or any other party will accidentally assign the same identifier to a different data object.
• Where a data object declares that it has a particular identifier, there MUST be exactly one such declaration.

The mechanism by which a SAML system entity ensures that the identifier is unique is left to the implementation. In the case that a random or pseudorandom technique is employed, the probability of two randomly chosen identifiers being identical MUST be less than or equal to 2^-128 and SHOULD be less than or equal to 2^-160. This requirement MAY be met by encoding a randomly chosen value between 128 and 160 bits in length. The encoding must conform to the rules defining the xs:ID datatype. A pseudorandom generator MUST be seeded with unique material in order to ensure the desired uniqueness properties between different systems.

Page 9:  http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

The reason the UUID is rejected is that an xs:ID value must be an XML NCName, which cannot start with a digit; a UUID whose first character is a digit (as in 817ef7d6-...) therefore fails validation. A simple fix is to add “id” in front of the string and remove any “-” from it.

It would then look similar to: id6c1c178c166d486687be4aaf5e482731
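As an added example (not code from the original post), here is a small Java class that checks the xs:ID lexical rule, applies the "id" + UUID fix described above, and generates a fresh 160-bit ID that meets the specification's SHOULD level; the class and method names are my own. One caveat the fix does not address: a version 4 UUID carries only 122 random bits, so "id" + UUID satisfies the lexical rule but falls slightly short of the 2^-128 collision bound the specification requires.

```java
import java.security.SecureRandom;
import java.util.UUID;
import java.util.regex.Pattern;

public class SamlId {
    // xs:ID is an XML NCName: the first character must be a letter or '_',
    // the rest may be letters, digits, '.', '-' or '_'. This is the ASCII
    // subset of the NCName rules, which is all a hex-based identifier needs.
    private static final Pattern NCNAME = Pattern.compile("[A-Za-z_][A-Za-z0-9._-]*");

    // SecureRandom is seeded by the platform, which covers the spec's
    // "seeded with unique material" requirement.
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns true if the value satisfies the xs:ID lexical rules. */
    public static boolean isValidSamlId(String value) {
        return value != null && NCNAME.matcher(value).matches();
    }

    /** The fix from the post: prefix "id" and strip the hyphens from a UUID. */
    public static String fromUuid(UUID uuid) {
        return "id" + uuid.toString().replace("-", "");
    }

    /** Generates a 160-bit random identifier, hex-encoded behind a leading "_". */
    public static String generate() {
        byte[] buf = new byte[20]; // 20 bytes = 160 bits, the SHOULD level in SAML core 1.3.4
        RNG.nextBytes(buf);
        StringBuilder sb = new StringBuilder("_");
        for (byte b : buf) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // The identifier Azure AD rejected in the error message above.
        String rejected = "817ef7d6-89a8-4367-8e41-39b1559305cd";
        System.out.println(rejected + " valid: " + isValidSamlId(rejected)); // false, starts with a digit

        String fixed = fromUuid(UUID.fromString(rejected));
        System.out.println(fixed + " valid: " + isValidSamlId(fixed)); // true

        String fresh = generate();
        System.out.println(fresh + " valid: " + isValidSamlId(fresh)); // true
    }
}
```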
