Error message: SAML 2.0 error: Primary StatusCode

Problem

You are unable to establish a successful connection to ADFS.


NOTE
If you establish a successful test connection and you are still experiencing issues, you might have incorrect attribute mappings or issues with the federation IDs. Contact customer support with questions.

Access requirements


You must have the following access to perform the steps in this article:

Adobe Workfront plan          Any
Adobe Workfront license       New: Standard, or Current: Plan
Access level configurations   System Administrator

For more detail about the information in this table, see Access requirements in Workfront documentation.

Cause 1: Secure hash algorithm is set to SHA-256

Solution

  1. In Windows, click Start > Administration > ADFS 2.0 Management.
    The ADFS 2.0 Management dialog box is displayed.

  2. Select Trust Relationship > Relying Party Trusts in the left-hand pane.

  3. Right-click on the relying party trust related to Adobe Workfront, then select Properties.

  4. Click on the Advanced tab, then select SHA-1 from the Secure hash algorithm drop-down menu.

Cause 2: ADFS Signing Certificate is about to expire and has been replaced by a new Certificate with overlapping dates

Solution

The Workfront SSO setup page lists the certificate expiration date. If the certificate is about to expire, you need to manually export the new signing certificate from the ADFS server:

  1. In Windows, click Start > Administration > ADFS 2.0 Management.
    The ADFS 2.0 Management dialog box is displayed.

  2. Select Trust Relationship > Relying Party Trusts in the left-hand pane.

  3. Right-click on the relying party trust related to Workfront, and select Properties.

  4. Click on the Signature tab.

  5. Click on the name of the Signing Certificate, and click View.

  6. Click Copy to File…, and select Next.

  7. Select Base-64 encoded x.509 (CER), and click Next.

  8. Specify the file name, and click Next.

  9. Click Finish.

  10. In Workfront, navigate to Setup > System > Single Sign-On (SSO) and manually upload the Signing Certificate.
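Before the upload in step 10, the exported file can be checked on the ADFS server with PowerShell. This is an added example, not part of the original article or Adobe's tooling. It assumes the certificate in question is the ADFS token-signing certificate; the file path and the 30-day threshold are placeholders.

```powershell
# Added example: check the exported .cer before uploading it to Workfront.
param(
    [string]$CerPath  = 'C:\Temp\adfs-signing.cer',  # placeholder: file saved in step 8
    [int]   $WarnDays = 30                           # assumed "about to expire" threshold
)

# Load the ADFS cmdlets (module on newer servers, snap-in on ADFS 2.0).
if (-not (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue)) {
    Import-Module ADFS -ErrorAction SilentlyContinue
    if (-not (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
    }
}

$now      = Get-Date
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
$signing  = @(Get-AdfsCertificate -CertificateType Token-Signing)

# List every token-signing certificate ADFS holds, so overlapping ones are visible.
$signing | Select-Object IsPrimary,
    @{ n = 'Thumbprint'; e = { $_.Certificate.Thumbprint } },
    @{ n = 'NotBefore';  e = { $_.Certificate.NotBefore } },
    @{ n = 'NotAfter';   e = { $_.Certificate.NotAfter } } |
    Format-Table -AutoSize | Out-String | Write-Host

$match    = $signing | Where-Object { $_.Certificate.Thumbprint -eq $exported.Thumbprint }
$newest   = $signing | Sort-Object { $_.Certificate.NotAfter } | Select-Object -Last 1
$daysLeft = [int]($exported.NotAfter - $now).TotalDays

if (-not $match) {
    # The file is not one of the certificates ADFS currently lists for token signing.
    Write-Warning "Exported file ($($exported.Thumbprint)) matches no token-signing certificate listed by ADFS."
} elseif ($exported.NotBefore -gt $now) {
    Write-Warning "Exported certificate is not valid until $($exported.NotBefore)."
} elseif ($daysLeft -le $WarnDays) {
    # Still the expiring certificate: the newer overlapping one is the one to export.
    Write-Warning "Exported certificate expires in $daysLeft days; latest-expiring one is $($newest.Certificate.Thumbprint)."
} else {
    Write-Output "OK: $($exported.Thumbprint) is valid until $($exported.NotAfter)."
}
```

After the upload, the expiration date shown on the Workfront SSO setup page should match the NotAfter value printed here.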

Cause 3: Certificate revocation check is failing

The solution for this depends on the version of Microsoft ADFS that you are using. Consult Microsoft’s documentation to obtain the appropriate commands for your version.
