I am receiving this error when using SAML 2.0: “SAML 2.0 Authentication Failed: User Identifier Not Found.”
This error occurs when the SAML assertion sent by ADFS contains neither a UID nor a Name ID claim, because no claim rule on the Relying Party Trust issues one.
In ADFS, the Relying Party Trust for Workfront needs a claim rule that passes either a UID or a Name ID value. Once that rule is in place, the Test Connection in the Workfront SAML 2.0 setup should report success and show the identifier value it received from ADFS.
You must have the following access to perform the steps in this article:
| Requirement | Value |
|---|---|
| Adobe Workfront plan | Any |
| Adobe Workfront license | Plan |
| Access level configurations | You must be a Workfront administrator. For more information, see Grant a user full administrative access. |

NOTE: If you still don't have access, ask your Workfront administrator whether they set additional restrictions in your access level. For information on how a Workfront administrator can modify your access level, see Create or modify custom access levels.
In the ADFS management console, open Relying Party Trusts, select the Workfront trust, and choose Edit Claim Rules. Add or edit a "Send LDAP Attributes as Claims" rule so that:
The LDAP Attribute (left column) is E-Mail Addresses (or another attribute that uniquely identifies the user).
The Outgoing Claim Type (right column) is Name ID.
The LDAP Attribute does not have to be E-Mail Addresses. Any attribute that uniquely identifies the user can be used, but it must be passed to Adobe Workfront as the Name ID, and its value must match the identifier Workfront stores for that user, otherwise the lookup on the Workfront side still fails.
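The same claim rule can be checked and created from PowerShell on the ADFS server, which is useful when you need to confirm what the trust actually issues rather than reading it off the GUI. The script below is an added example, not part of Adobe's documentation; it assumes the relying party trust is named "Adobe Workfront" (substitute your trust's display name) and maps the AD `mail` attribute (E-Mail Addresses in the GUI) to the Name ID outgoing claim type.

```powershell
# Added example (not from the original article): verify that the Workfront relying party
# trust issues a Name ID claim, and add an LDAP "mail" -> Name ID rule if it does not.
# Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS

$TrustName  = "Adobe Workfront"   # assumption: display name of your relying party trust
$NameIdType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"

$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "Relying party trust '$TrustName' not found." }

# Issuance transform rules are stored as claim-rule-language text on the trust.
$existing = [string]$trust.IssuanceTransformRules

if ($existing -match [regex]::Escape($NameIdType)) {
    Write-Host "A rule on '$TrustName' already issues the Name ID claim type."
} else {
    Write-Host "No Name ID rule found on '$TrustName'; adding LDAP 'mail' -> Name ID."
    # Equivalent to the GUI template "Send LDAP Attributes as Claims" with
    # LDAP Attribute = E-Mail Addresses and Outgoing Claim Type = Name ID.
    $nameIdRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Email address as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$NameIdType"), query = ";mail;{0}", param = c.Value);
"@
    # Append to the existing rule set so other rules on the trust are preserved.
    Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules ($existing + "`r`n" + $nameIdRule)
}

# Print the resulting rule set so the Name ID mapping can be confirmed before
# re-running the Workfront Test Connection.
(Get-AdfsRelyingPartyTrust -Name $TrustName).IssuanceTransformRules
```

If you use a different unique attribute instead of e-mail, change only the `;mail;{0}` query (for example `;userPrincipalName;{0}`); the outgoing claim type must stay the Name ID URI shown above.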