Error message: SAML 2.0 Authentication Failed: User Identifier Not Found

Problem

I am receiving this error when using SAML 2.0: “SAML 2.0 Authentication Failed: User Identifier Not Found.”

Cause

This happens when a UID or NAME ID is not passed from the ADFS Claim rules.

In ADFS the Relying Party Trust needs to have a Claim rule that passes either a UID or a NAME ID value. When you run a Workfront Test Connection, it should show this if successful.

Access requirements

You must have the following access to perform the steps in this article:

Adobe Workfront plan Any
Adobe Workfront license Plan
Access level configurations

You must be a Workfront administrator. For more information, see Grant a user full administrative access.

NOTE: If you still don't have access, ask your Workfront administrator if they set additional restrictions in your access level. For information on how a Workfront administrator can modify your access level, see Create or modify custom access levels.

Solution

  1. When editing the ADFS INFO, in the Relying Party Trusts> Select object >Edit Claim Rules.

  2. The LDAP Attribute (left column) should have E-Mail Addresses (or any unique identifier).

  3. The Outgoing Claim Type (right column) should be Name ID.

    NOTE

    It does not have to have the LDAP Attribute E-Mail Addresses. Any unique identifier that will identify the user can be used but it must be passed into Adobe Workfront as the NAME ID.

On this page