ERROR

Unable to log in using IDP. 'NAME_ID' not found in SAML response for AD FS

Last Published: August 24, 2024

Error Message

When using the Active Directory Federation Services (AD FS) SAML IDP, the following error is returned when trying to log in to ArcGIS Enterprise portal via SAML logins:

Unable to log in using Idp. 'NAME_ID' not found in SAML response

Cause

The SAML NameID attribute is missing from the <Subject> element of the SAML assertion response.

Solution or Workaround

  1. Open the AD FS management console.
  2. Select Relying Party Trusts. In the Relying Party Trusts window, select the SP corresponding to your enterprise portal.
  3. On the Actions tab, click Edit Claim Issuance Policy (ADFS 4) or Edit Claim Rules (ADFS 3), and select the Issuance Transform Rule and click Edit Rule.
  4. In the Edit Rule window, click View Rule Language.
  5. Verify that the Name ID attribute is sent using the type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
  6. If this attribute is missing, add a new claim for the Name ID attribute. For the Outgoing claim type, choose the value Name ID from the drop-down list of options.

Article ID: 000026098

Software:
  • Portal for ArcGIS

Receive notifications and find solutions for new or common issues

Get summarized answers and video solutions from our new AI chatbot.

Download the Esri Support App

Related Information

Discover more on this topic

Esri Community

Search for related information

Training

Find training related to this topic

ArcGIS Ideas

Explore ideas and give feedback

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options