I have the following setup:
Windows 2012 r2 with ADFS 3.0. WordPress setup as SP (relying party trust) and SimpleSAMLphp as IdP (claims party trust).
I want to authenticate WordPress users with the help of SSP. The control flow is: the user logs in to WordPress. The page then takes the user to the IdP providers configured on the ADFS server. The user chooses SSP. The user is authenticated with SSP and the response is sent to ADFS, which in turn passes the information to WordPress.
I have configured all the relying & claims party trusts, and they work well individually (WP-ADFS, ADFS-SSP), but when I try to authenticate WP with SSP it gives me the error: The SAML authentication request had a NameID Policy that could not be satisfied.
I have rules set up as follows:
Claims party rule:
Transform an incoming claim: NameID transient to Windows account name
Relying party rule:
Rule 1:
LDAP rules: SAM-Account-Name->Windows account name, E-Mail-Addresses-> Email Address
Rule 2:
Transform an incoming claim: Windows account name-> NameID Transient Identifier
I have just started working with SSO on Windows Server, so I don't know much about claims rules & I guess that there might be something wrong with them, as individually all the modules are working fine (e.g. WP as SP and ADFS as IdP, ADFS as SP and SSP as IdP).
What exactly am I doing wrong?
Please also let me know if I have missed out on any details.
Thanks!
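The same four GUI rules from the post, written out in ADFS claim rule language and applied with the ADFS PowerShell cmdlets, as an added example that is not part of the original post. The trust names "SimpleSAMLphp" and "WordPress" are assumed placeholders; seeing the rules in this form shows where the NameID format property that a NameIDPolicy is matched against is actually set.

```powershell
# Added example, not from the post. Trust names are assumed placeholders.
$nameId    = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
$winAcct   = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
$email     = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$fmtProp   = "http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"
$transient = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Claims provider trust (SSP as IdP): accept the transient NameID issued by SSP
# and turn it into a Windows account name claim. The resulting claim keeps the
# claims provider as its Issuer; it is not issued by "AD AUTHORITY".
$acceptanceRules = @"
@RuleName = "NameID (transient) to Windows account name"
c:[Type == "$nameId", Properties["$fmtProp"] == "$transient"]
 => issue(Type = "$winAcct", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
"@
Set-AdfsClaimsProviderTrust -TargetName "SimpleSAMLphp" -AcceptanceTransformRules $acceptanceRules

# Relying party trust (WordPress as SP). Rule 1 is the LDAP lookup; its
# Issuer == "AD AUTHORITY" condition means it only fires for claims produced by
# a local Active Directory logon. Rule 2 emits the NameID, and the format
# property on that claim is what the SP's requested NameIDPolicy is checked
# against.
$issuanceRules = @"
@RuleName = "LDAP attributes"
c:[Type == "$winAcct", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$winAcct", "$email"), query = ";sAMAccountName,mail;{0}", param = c.Value);

@RuleName = "Windows account name to NameID (transient)"
c:[Type == "$winAcct"]
 => issue(Type = "$nameId", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["$fmtProp"] = "$transient");
"@
Set-AdfsRelyingPartyTrust -TargetName "WordPress" -IssuanceTransformRules $issuanceRules

# Read the rule sets back to compare them with what the GUI wizard generated.
(Get-AdfsClaimsProviderTrust -Name "SimpleSAMLphp").AcceptanceTransformRules
(Get-AdfsRelyingPartyTrust -Name "WordPress").IssuanceTransformRules
```

Running the two Get-* lines before changing anything is the quickest way to see the exact claim types and format properties the existing wizard-created rules carry.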