Category Archives: ADFS

Invalid SAML Assertion 13 – WebEx SSO

The error “invalid SAML Assertion 13” could mean that the AuthnContextClassRef (authentication context class reference) configured in Cisco WebEx doesn’t match the one in your SAML assertion (the ADFS response).

Windows integrated authentication (ADFS)
urn:federation:authentication:windows

Password Protected Transport (ADFS Proxy)
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

If you have both ADFS and ADFS proxy servers, you can enter both authentication context classes in the WebEx Federated Web SSO Configuration AuthnContextClassRef field, separated by a semicolon.

urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
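To confirm which class ADFS actually sent, you can decode a captured SAMLResponse and compare its AuthnContextClassRef with the WebEx field value. The script below is an added example, not part of the original post: the function names are hypothetical, the sample response is constructed, and it assumes an unencrypted assertion delivered as a base64 SAMLResponse form field (HTTP-POST binding).

```powershell
# Value entered in the WebEx AuthnContextClassRef field (semicolon-separated).
$configured = 'urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'

# Constructed sample standing in for a captured SAMLResponse (not real traffic).
$sampleXml = @'
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AuthnStatement>
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>
'@
$samlResponseB64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($sampleXml))

function Get-AuthnContextClassRef {
    param([Parameter(Mandatory)][string]$SamlResponseBase64)
    $xmlText = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($SamlResponseBase64))
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never fetch external DTDs/entities from untrusted XML
    $doc.LoadXml($xmlText)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion')
    $path = '//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef'
    $doc.SelectNodes($path, $ns) | ForEach-Object { $_.InnerText.Trim() }
}

function Test-AuthnContextMatch {
    param([Parameter(Mandatory)][string]$SamlResponseBase64,
          [Parameter(Mandatory)][string]$ConfiguredList)
    $allowed = @($ConfiguredList -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($ref in Get-AuthnContextClassRef -SamlResponseBase64 $SamlResponseBase64) {
        [pscustomobject]@{
            AuthnContextClassRef = $ref
            # Assumption: the URI must match exactly, so compare case-sensitively.
            InWebExConfig        = $allowed -ccontains $ref
        }
    }
}

# The constructed sample carries a class that is not in the configured list,
# so InWebExConfig is False: the mismatch this error points to.
Test-AuthnContextMatch -SamlResponseBase64 $samlResponseB64 -ConfiguredList $configured
```

If the function returns nothing, the response has no readable AuthnStatement, for example because the assertion is encrypted.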

Salesforce ADFS get federation ID from Active Directory

Since SSO with Salesforce is case sensitive, you need to get the information directly from the Domain Controller.

Log on to the Domain Controller

Import-Module activedirectory

Get-ADUser -Filter {EmailAddress -like "*lastname*domain.com"} -Properties EmailAddress | Select Name, EmailAddress

If you need assistance setting up SSO – https://developer.salesforce.com/page/Single_Sign-On_with_Force.com_and_Microsoft_Active_Directory_Federation_Services