0

I recently attempted to integrate ADFS with a Moodle application using the "SAML2 Single Sign-On" plugin maintained by Catalyst IT, version 2022111701 (2022111701). The Moodle version is 4.3 (Build: 20231009).

However, I'm encountering the following error after a successful login:

"You have logged in successfully. But the Name ID attribute does not correspond to an account in Moodle."

I'm not sure how to enable debug logs for the SAML2 SSO plugin to troubleshoot this issue. Despite successfully configuring the SAML SSP and even passing the test link, the error persists.

I've attached a reference image showing the SAML SSP configuration. If anyone has experienced this issue or has suggestions on enabling debug logs for the SAML2 SSO plugin, please let me know.

Any help or guidance on resolving this would be greatly appreciated.

Thank you in advance.


2 Answers

1

Go to the settings page for SAML2

via Site admin > Plugins > Authentication > SAML2

Or go directly to yoursite/admin/settings.php?section=authsettingsaml2

Scroll down and check the value for

Mapping IdP auth_saml2|idpattr

This needs to map to the value for the username in ADFS.

The default is uid, but it could be a different attribute in your ADFS.

See some gotchas here:

https://github.com/catalyst/moodle-auth_saml2/tree/MOODLE_39_STABLE?tab=readme-ov-file#debugging

1
  • Thank you, quick workaround. By default, in ADFS the claim attribute SamAccount is issued with the Name outgoing claim type. Sorry for the delay in replying; fixed after the post on Stack Overflow. In Moodle, mapped auth_saml2|idpattr: name with username.
    – Ck_7
    Commented Apr 27 at 8:49
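One way to check the mapping described in the answer above, as an added example that is not part of the original post or of the plugin: list the attributes a decoded SAML assertion actually carries and compare them with the configured `idpattr`. The assertion, its attribute names and values are constructed, and `released_attributes` and `check_idpattr` are hypothetical helper names; the script inspects attributes only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded, unsigned assertion fragment with made-up values.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>jdoe@example.test</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def released_attributes(assertion_xml):
    """Map each attribute Name in the assertion to its list of values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        if not name:
            continue  # an attribute without a Name cannot be mapped
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(name, []).extend(values)
    return attrs

def check_idpattr(assertion_xml, idpattr):
    """Report whether the configured idpattr is present, and what is on offer if not."""
    attrs = released_attributes(assertion_xml)
    values = [v for v in attrs.get(idpattr, []) if v]
    # Names whose last path segment equals idpattr, e.g. a claim-type URI ending in /name.
    similar = [n for n in attrs if n != idpattr
               and n.rstrip("/").rsplit("/", 1)[-1].lower() == idpattr.lower()]
    return {"present": bool(values), "values": values,
            "similar": similar, "available": sorted(attrs)}

if __name__ == "__main__":
    for candidate in ("uid", "name"):
        print(candidate, check_idpattr(SAMPLE_ASSERTION, candidate))
```

Run it against an assertion captured from your own test login; an empty `values` list for the configured attribute means the plugin has nothing to match against a Moodle username.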
0

Here are my Moodle and ADFS settings, configured for SSO as below.

In Moodle, navigate to:

*Home -> Site administration -> Plugins -> Authentication -> SAML2* 

Below is a reference screenshot of the SAML settings.

In ADFS, while creating a new Relying Party Trust, import the Moodle metadata from the SAML2 setting SP Metadata (auth_saml2 | spmetadata): View Service Provider Metadata | Download SP Metadata.

Right-click the Moodle ADFS relying party trust and choose Edit Claim Issuance Policy -> Add New Rule.

That's it; it works like a charm without asking the domain users for a password. I hope everyone likes my workaround.
