Hi everyone,
I have an on-premises Orchestrator (2022.4.1) connected to an IdP, with SAML2 authentication enabled.
Below is my config file (injected into Identity's appsettings.json):
<?xml version="1.0" encoding="utf-8"?>
<!-- Sustainsys.Saml2 service-provider configuration for the Identity component.
     Hostnames and the certificate thumbprint are redacted ("xxx") in this paste. -->
<configuration>
  <configSections>
    <section name="sustainsys.saml2"
             type="Sustainsys.Saml2.Configuration.SustainsysSaml2Section, Sustainsys.Saml2" />
  </configSections>
  <!-- minIncomingSigningAlgorithm="SHA1": responses signed with SHA-1 (a deprecated digest)
       are accepted; raising this to SHA256 is the usual hardening once the IdP signs with SHA-256. -->
  <sustainsys.saml2 entityId="https://xxxx/identity"
                    returnUrl="https://xxx/identity/externalidentity/saml2redirectcallback"
                    minIncomingSigningAlgorithm="SHA1">
    <identityProviders>
      <!-- allowUnsolicitedAuthnResponse="true" accepts IdP-initiated responses that do not
           answer a request issued by this SP; set to false if only SP-initiated login is needed. -->
      <add entityId="https://myIDP"
           signOnUrl="https://myIDP/xxx"
           allowUnsolicitedAuthnResponse="true"
           binding="HttpRedirect">
        <!-- IdP signing certificate is looked up by thumbprint in the CurrentUser/My store.
             NOTE(review): CurrentUser resolves to the profile of the account running Identity
             Server, not the interactive user — confirm the certificate is in that account's store. -->
        <signingCertificate storeName="My"
                            storeLocation="CurrentUser"
                            findValue="xxxxx"
                            x509FindType="FindByThumbprint" />
      </add>
    </identityProviders>
    <!-- NOTE(review): no attribute-to-claim mapping is declared in this section; whether the
         assertion's "mail" attribute reaches the email claim used for user mapping depends on
         configuration outside this file — confirm against the Identity Server settings. -->
  </sustainsys.saml2>
</configuration>
I have resolved the certificate and configuration issues, and I can now confirm (via SAML Tracer) that my IdP is sending the data correctly to the Orchestrator, in the following format:
<!-- AttributeStatement captured from the IdP response (SAML Tracer). The saml2 namespace
     values appear shortened relative to the standard urn:oasis:names:tc:SAML:2.0:assertion,
     presumably by redaction in the paste; the attribute values are redacted as well. -->
<saml2:AttributeStatement>
<saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
Name="cn"
NameFormat="SAML:2.0:attrname-format:unspecified"
>
<saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">ID_XXX</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
Name="givenName"
NameFormat="SAML:2.0:attrname-format:unspecified"
>
<saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">John</saml2:AttributeValue>
</saml2:Attribute>
<!-- The e-mail address is carried under the attribute Name "mail" with an unspecified
     NameFormat; no attribute named "email" is present in this statement. -->
<saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
Name="mail"
NameFormat="SAML:2.0:attrname-format:unspecified"
>
<saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">John.doe@xxx.com</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
Name="sn"
NameFormat="SAML:2.0:attrname-format:unspecified"
>
<saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">Doe</saml2:AttributeValue>
</saml2:Attribute>
<!-- "uid" carries the same redacted value as "cn" above. -->
<saml2:Attribute xmlns:saml2="SAML:2.0:assertion"
Name="uid"
NameFormat="SAML:2.0:attrname-format:unspecified"
>
<saml2:AttributeValue xmlns:saml2="SAML:2.0:assertion">ID_XXX</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
The issue:
I get "User login failed. (#216)" when trying to connect, and the Orchestrator Event Log shows this error:
UiPath.IdentityServer.Web.Application.Services.ExternalUserMappingByEmail No email found inside the claims
Any idea how I can get the Orchestrator to map the data correctly?