No links (from SAML Authentication ID to Drupal user) found.

Created on 27 February 2023, almost 2 years ago
Updated 26 December 2023, 12 months ago

Anonymous User when sending SAML request

I am using samlauth version 8.x-3.8 and my IdP is sending the email address as the unique identifier.

I tried to map this at admin/config/people/saml/authmap, but the values are not accepted when I select "Apply".

What I get instead is the following message: "No links (from SAML Authentication ID to Drupal user) found."

💬 Support request
Status

Closed: outdated

Version

3.8

Component

Miscellaneous

Created by

🇺🇸 United States minkahb


Comments & Activities

  • Issue created by @minkahb
  • 🇳🇱 Netherlands roderik Amsterdam,NL / Budapest,HU

    You cannot map anything at admin/config/people/saml/authmap; this must be a misunderstanding. admin/config/people/saml/authmap is just a list of entries (links) for people who have logged in already (or are allowed to log in), and you cannot add any 'links' here through the UI.

    The message you are seeing just means "the list of existing links (authmap entries) is empty".
    And the apply button does not save anything, it is just a filter for the list of links (which in your case is empty).

    Question: how is your IdP sending the email address as the unique identifier? (When in doubt, this can be found out with the debug settings: log incoming SAML messages, then try to log in, and then inspect the XML that was received during the process, in the Drupal log.)

    Does it send the e-mail address (which you want to use as the unique ID) in a SAML attribute? Then configure that attribute name in 'Unique ID attribute' at admin/config/people/saml.

    Does it send the e-mail address (which you want to use as the unique ID) in the SAML "NameID" value? This module does not support that yet. You can:

    • use the patch at https://www.drupal.org/project/samlauth/issues/3211380#comment-14359347 🌱 NameID support Fixed
    • Set the value "NameID" (see patch) in the 'Unique ID attribute' configuration
    • test.
    • Keep in mind that in the future, when 🌱 NameID support Fixed is properly fixed and you update this module, things will likely break until you update the configuration (to 'use the NameID' in the properly implemented way).
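
The check suggested in the reply above (log the incoming SAML message, then see whether the e-mail address arrives in an attribute or in the NameID), as an added example that is not part of the original thread or of the samlauth module. The sample assertion, its attribute names and the `locate_identifier` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not taken from the issue); all values are made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>jane@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="displayName">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def locate_identifier(xml_text, wanted):
    """Report where `wanted` (e.g. the e-mail address) appears in a logged SAML message.

    Returns {"nameid": bool, "nameid_format": str or None, "attributes": [names]}.
    Inspection of a logged message only: no signature or condition checks happen here.
    """
    # A SAML message never needs a DTD; refuse it so entity-expansion input is not parsed.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    needle = wanted.strip().lower()
    result = {"nameid": False, "nameid_format": None, "attributes": []}
    # Case 1: the identifier is the Subject's NameID.
    for name_id in root.iterfind(".//saml:Subject/saml:NameID", NS):
        if (name_id.text or "").strip().lower() == needle:
            result["nameid"] = True
            result["nameid_format"] = name_id.get("Format")
    # Case 2: the identifier is the value of one or more attributes.
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip().lower()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        if needle in values:
            result["attributes"].append(attr.get("Name"))
    return result


if __name__ == "__main__":
    print(locate_identifier(SAMPLE, "jane@example.com"))
```

Any name listed under `attributes` is a candidate for the 'Unique ID attribute' setting; if only `nameid` is true, the IdP is sending the address in the NameID alone.
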
  • 🇺🇸 United States minkahb

    Thanks for the response. I will try what you suggested.

  • 🇺🇸 United States minkahb

    Hi,

    I was able to get this to work once I had access to my internal Okta configuration, where I was able to create a custom attribute for the email address.

    Thanks for your help!

  • Status changed to Closed: outdated 12 months ago
  • 🇳🇱 Netherlands roderik Amsterdam,NL / Budapest,HU

    FWIW 🌱 NameID support Fixed is committed now so future users will hopefully not run into this.
