SAML SSO with Azure

[Stunt0265]

If anyone has successfully been able to setup SAML SSO with Azure, please post your steps/settings. Have tried many different options according to the docs and issue comments, and still no luck.

Seeing this error:

(ACS endpoint) Error processing request from IdP. {"errors":["invalid_response"],"lastReason":"Invalid issuer in the Assertion/Response (expected 'https://support.nctm.app/saml/1234567/metadata', got 'https://sts.windows.net/1234-1234-1234-1234-1234/')"}

(I've removed the actual IDs)

Thanks

[crixle]

Not an expert, just kept playing with it until it worked.

In FreeScout:

1. Set Entity ID to the Azure AD Identifier
2. Set the Signin URL to the Login URL on Azure (Last section towards the bottom)
3. Logout URL can be any URL you want users redirected to after signing out.
4. For x509 Certificate, you need to download the Certificate (Base64) from Azure to your computer and open up command prompt/terminal. Navigate to the cert and type cat [app name].cer. Copy and paste the content between BEGIN CERTIFICATE and END CERTIFICATE into the field in FreeScout.
5. Leave Authentication Context blank

In Azure:

1. Identifier (Entity ID) will be the SP Metadata link in FS
2. Reply URL is the ACS URL in FS
3. Sign On URL is the Login URL in FS. Typically, "your-domain.com/login"
4. Logout Url preferably should be the same link you set in FS under Logout URL.

Like I said, I'm not an expert on SSO nor Azure so I can't provide further support. Hopefully you can use this as a template for your own setup.

Also, if the devs would like to include this in their documentation then please feel free!

[Stunt0265]

You're awesome! That was it. I had everything right except for the Entity ID. Thanks so much.