ShareFile SAML NameID Policy that could not be satisfied

  • Updated 8 months ago
Hey guys,

We have been using SAML auth with our ADFS setup for a while. Recently something has changed, and I can't see anything on our end. The error we get on our ADFS setup is:

The SAML authentication request had a NameID Policy that could not be satisfied. 
Requestor: xxxxxx.sharefile.com 
Name identifier format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress 

I've gone back through the ADFS 3.0 setup guide PDF as per https://support.citrix.com/article/CTX208557 and can't find any issues.

Reading the error it seems like the claims rules are wrong or the name ID is not being passed properly. We get a "null" for NameID. 

MSIS7070: The SAML request contained a NameIDPolicy that was not satisfied by the issued token. Requested NameIDPolicy: AllowCreate: True Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress SPNameQualifier: . Actual NameID properties: null. 

Does anyone have any ideas as to what the issue is?

Amayacitta


Posted 1 year ago


Rick A

I don't think ShareFile is sending the NameID as part of the AuthNRequest. It's just passing the NameID Format.
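
The comparison behind the MSIS7070 message in this thread, as an added example (not part of either post, and not ShareFile or AD FS code): it reads the NameIDPolicy from an AuthnRequest and the NameID from an issued assertion and reports whether the requested format was met. Both XML messages are constructed samples, the function names are hypothetical, and the check covers the Format attribute only.

```python
import xml.etree.ElementTree as ET  # for locally captured messages; use defusedxml on untrusted XML

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample request: asks for an emailAddress NameID, as in the error above.
AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" ID="_req1" Version="2.0">
  <saml:Issuer>example.sharefile.com</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true" Format="{EMAIL}"/>
</samlp:AuthnRequest>"""

def make_assertion(subject_inner):
    """Build a constructed, unsigned assertion with the given Subject content."""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_a1" Version="2.0">'
            f"<saml:Subject>{subject_inner}</saml:Subject></saml:Assertion>")

NO_NAMEID = make_assertion("")  # no claim rule issued a NameID
EMAIL_NAMEID = make_assertion(f'<saml:NameID Format="{EMAIL}">user@example.com</saml:NameID>')
BARE_NAMEID = make_assertion("<saml:NameID>user@example.com</saml:NameID>")  # no Format

def requested_format(authn_request_xml):
    """Return the Format the SP asked for, or None if it set no NameIDPolicy."""
    policy = ET.fromstring(authn_request_xml).find("samlp:NameIDPolicy", NS)
    return None if policy is None else policy.get("Format", UNSPECIFIED)

def issued_nameid(assertion_xml):
    """Return (format, value) of the assertion's NameID, or None if absent."""
    node = ET.fromstring(assertion_xml).find("saml:Subject/saml:NameID", NS)
    if node is None:
        return None
    # A NameID with no Format attribute is treated as 'unspecified'.
    return node.get("Format", UNSPECIFIED), (node.text or "").strip()

def check_nameid_policy(authn_request_xml, assertion_xml):
    """Return (satisfied, message) for the requested NameID format."""
    wanted = requested_format(authn_request_xml)
    if wanted in (None, UNSPECIFIED):
        return True, "request places no constraint on the NameID format"
    actual = issued_nameid(assertion_xml)
    if actual is None:
        return False, f"requested {wanted}; actual NameID: null"
    if actual[0] != wanted:
        return False, f"requested {wanted}; issued {actual[0]}"
    return True, f"NameID issued in requested format {wanted}"

if __name__ == "__main__":
    for name, xml in [("no NameID", NO_NAMEID), ("email", EMAIL_NAMEID), ("bare", BARE_NAMEID)]:
        print(name, check_nameid_policy(AUTHN_REQUEST, xml))
```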