I am receiving this error when using SAML 2.0: “SAML 2.0 Authentication Failed: User Identifier Not Found.”
This happens when a UID or NAME ID is not passed from the ADFS Claim rules.
In ADFS the Relying Party Trust needs to have a Claim rule that passes either a UID or a NAME ID value. When you run a Workfront Test Connection, it should show this if successful.
You must have the following access to perform the steps in this article:
|Adobe Workfront plan||Any|
|Adobe Workfront license||Plan|
|Access level configurations||
You must be a Workfront administrator. For more information, see Grant a user full administrative access.
NOTE: If you still don't have access, ask your Workfront administrator if they set additional restrictions in your access level. For information on how a Workfront administrator can modify your access level, see Create or modify custom access levels.
When editing the ADFS INFO, in the Relying Party Trusts> Select object >Edit Claim Rules.
The LDAP Attribute (left column) should have E-Mail Addresses (or any unique identifier).
The Outgoing Claim Type (right column) should be Name ID.
It does not have to have the LDAP Attribute E-Mail Addresses. Any unique identifier that will identify the user can be used but it must be passed into Adobe Workfront as the NAME ID.