Hey,
I am trying to set up SAML2 on my PS Server.
I tried following the guide but I got stuck in an infinite loop. In addition to that, the guide isn’t very clear and the screenshots provided seem to not mirror my install.
We are using the enterprise version and would like to set up SAML2 using Entra ID.
Hey @deroppi and @adam Thank you for both reaching out. I updated and I no longer have that issue.
When I log in with SAML now, it just brings me back to the main login page again. I do not get in.
I have tried without.
I am genuinely struggling with trying to get this to work, so I apologise if it feels noobish.
I have tried following the guide and it doesn't align with what should be done on Azure and then what should be done on the app side. After that I'm guessing.
Sorry, it may make sense to others but I'm just struggling.
I don’t use the GUI for roles, but have a script to take care of that.
Basically I take the email address of a user and the groups from the claims (configured email address as an extra in Azure) and have a script check for each role whether that user or group should get that role, and just return a $True if yes.
That allows me to use multiple group IDs for the same role.
Anyway, it should not have anything to do with your issue.
Then attempt to log in with SAML. If you get in with this configuration, navigate to the Roles page and click the View Claim Information button. This will display all the groups that PSU received from Entra ID.
If the list does not contain the group you are expecting, it could be a problem with the app registration on the Entra ID side. Make sure you have the Groups claim added.
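As an added illustration of the role script approach described above (example code written for this page, not @deroppi's script or anything from the PowerShell Universal project), here is a role policy that grants a role when the signed-in user's e-mail address or one of their Entra ID group object IDs is on an allow-list. It assumes PowerShell Universal passes the signed-in ClaimsPrincipal as `$User`, that group object IDs arrive in a `groups` claim, and that the e-mail claim type matches the optional claim configured in the Entra ID app registration; the group IDs and addresses are placeholders.

```powershell
# Added example of a role policy script; not code from this thread or from PowerShell Universal.
# Assumption: PSU invokes this with the signed-in ClaimsPrincipal bound to $User.
param($User)

# Placeholder group object IDs and addresses; replace with your own values.
$AllowedGroupIds = @(
    '00000000-0000-0000-0000-000000000001',   # e.g. a "PSU-Admins" security group
    '00000000-0000-0000-0000-000000000002'    # e.g. an "IT-Operations" security group
)
$AllowedEmails = @('admin@example.com')

# Claim type names as assumed to be emitted by Entra ID; adjust if your app registration differs.
$GroupClaimType = 'groups'
$EmailClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'

# Collect the values of every matching claim (a user is usually in several groups).
$groups = @($User.Claims | Where-Object { $_.Type -eq $GroupClaimType } | ForEach-Object { $_.Value })
$emails = @($User.Claims | Where-Object { $_.Type -eq $EmailClaimType } | ForEach-Object { $_.Value })

# Grant the role if the user is explicitly listed or belongs to any allowed group.
$byEmail = @($emails | Where-Object { $AllowedEmails -contains $_ }).Count -gt 0
$byGroup = @($groups | Where-Object { $AllowedGroupIds -contains $_ }).Count -gt 0

# Return a boolean only: $true assigns the role, anything else denies it.
return ($byEmail -or $byGroup)
```

If the role is never granted, compare the claim types and values shown under View Claim Information against the two claim type strings above, since a mismatch there silently yields `$false`.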
I remade my Entra config to match yours @deroppi and when I sign in now it brings me directly to https://HOSTNAME/Saml2/Acs with error 500. This is different from when I set up my Entra app using the OpenID docs.
So I set everything up according to all your images and I get the below. I get this once I have authenticated with SAML and it just sends me to this page.
Now I would check your system log. The exception will be listed there. My guess is that you are not using HTTPS and it is causing an exception due to the secure to insecure redirect.