Question

Azure SAML Setup - The STS requested could not be found

asked on March 16, 2020

We are deploying SAML with Azure and after we enter the configuration following the Laserfiche SAML Azure documentation, it doesn't work.

We are getting an error: The STS requested could not be found.

The certificate is good, so not sure where to go from here.

[screenshot attached]
0 0

Replies

replied on March 16, 2020

Have you used the Configuring Laserfiche Directory Server 10.3 for SAML Authentication with Microsoft Azure Active Directory white paper?  Did you follow the steps on page 7 for "Configuring an STS Site for SAML Authentication"?

0 0
replied on March 16, 2020

Yes we did and for some reason it is not working

0 0
replied on March 16, 2020

Your SAML endpoint is wrong.  Yours is pointing to the Azure login

The white paper example shows it pointing to the LFDSSTS site

0 0
replied on March 16, 2020

Does the LFDSSTS site have to be the internal domain name or the public one?

0 0
replied on March 16, 2020

As I recall, it is for the STS site that you are configuring.  If you are configuring for external access, I believe that the URL should point to the Public name.

Ensure you include the /saml2/sso as shown in the sample URL.

1 0
replied on March 16, 2020

Now I'm getting it.


Sorry, but we’re having trouble signing you in.

AADSTS50130: The claim value(s) 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' cannot be interpreted as known auth method(s).

0 0
replied on March 16, 2020

From your Azure App, did you export the SAML XML metadata and then import that into the LFDS SAML Identity Provider?

After configuring the STS site for SAML Authentication, did you export the LFDS Metadata as XML and upload it into your Azure App?


After you upload the LFDS metadata to Azure, you need to verify the "Identifier" property.  Since you only have 1 LFDS site, the "Identifier" property needs to point to the internal LFDS site.


It may be that the SAML Endpoint asked about in previous posts needs to be the internal name.  If just the above does not work, change the SAML Endpoint and then re-export the LFDS metadata and re-upload it to Azure and try again.

1 0
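The two recurring causes in this thread are an AssertionConsumerService (the "SAML endpoint") that points at the Azure login page instead of the STS site's /saml2/sso, and an entityID that does not match the "Identifier" set on the Azure app. The script below is an added example (not Laserfiche or Microsoft code) that parses an SP metadata file and reports those mismatches before you upload it. The hostnames, paths and the two metadata documents are constructed for illustration; the `/saml2/sso` path and the HTTP-POST binding are assumed from the advice in the posts above, and the list of Azure login hosts is an assumption you should adapt to your tenant.

```python
"""Sanity-check SP (STS site) SAML metadata before uploading it to Azure/Entra.

Added example for this thread, not Laserfiche code. It encodes the advice in the
thread: the AssertionConsumerService must be the STS site's own /saml2/sso URL
(not the Azure login page) and the entityID must equal the Azure "Identifier".
"""
from typing import Dict, List, Optional
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Hosts that belong to the identity provider and must never appear as the SP's ACS.
# Assumption: adapt for sovereign clouds or other IdPs.
IDP_LOGIN_HOSTS = {"login.microsoftonline.com", "login.windows.net"}
EXPECTED_ACS_PATH = "/saml2/sso"  # assumed from the sample URL in the thread

# Constructed sample: ACS wrongly points at the Azure login endpoint.
SAMPLE_SP_METADATA_BAD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.example.internal/lfdssts">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/common/saml2" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: ACS points at the STS site's own /saml2/sso endpoint.
SAMPLE_SP_METADATA_GOOD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.example.internal/lfdssts">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sts.example.internal/lfdssts/saml2/sso" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text: str) -> Dict[str, object]:
    """Extract the entityID and every AssertionConsumerService (binding, location) pair."""
    root = ET.fromstring(xml_text)
    acs = [
        (e.get("Binding", ""), e.get("Location", ""))
        for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
    ]
    return {"entity_id": root.get("entityID", ""), "acs": acs}


def check_sp_metadata(meta: Dict[str, object], azure_identifier: Optional[str] = None) -> List[str]:
    """Return human-readable findings; an empty list means the metadata looks consistent."""
    findings: List[str] = []
    entity_id = str(meta["entity_id"])
    entity_host = urlparse(entity_id).hostname
    if not entity_id:
        findings.append("entityID is missing")
    # The Azure "Identifier" must be exactly the SP entityID (trailing slash aside).
    if azure_identifier is not None and entity_id.rstrip("/") != azure_identifier.rstrip("/"):
        findings.append(f"entityID {entity_id!r} does not match the Azure Identifier {azure_identifier!r}")
    if not meta["acs"]:
        findings.append("no AssertionConsumerService endpoint found")
    for binding, location in meta["acs"]:  # type: ignore[union-attr]
        url = urlparse(location)
        if url.scheme != "https":
            findings.append(f"ACS {location!r} is not https")
        if url.hostname in IDP_LOGIN_HOSTS:
            findings.append(f"ACS {location!r} points at the Azure login host instead of the STS site")
        if not url.path.rstrip("/").endswith(EXPECTED_ACS_PATH):
            findings.append(f"ACS {location!r} does not end with {EXPECTED_ACS_PATH}")
        if entity_host and url.hostname and url.hostname != entity_host:
            findings.append(f"ACS host {url.hostname!r} differs from entityID host {entity_host!r}")
        if binding != POST_BINDING:
            findings.append(f"ACS {location!r} uses binding {binding!r}, expected HTTP-POST")
    return findings


if __name__ == "__main__":
    for label, doc in (("bad", SAMPLE_SP_METADATA_BAD), ("good", SAMPLE_SP_METADATA_GOOD)):
        print(label, check_sp_metadata(parse_sp_metadata(doc), "https://sts.example.internal/lfdssts"))
```

Run it against the metadata XML exported from the STS site; the "bad" sample reproduces the "pointing to the Azure login" mistake discussed above and yields three findings, while the "good" sample yields none. Pass the Azure app's Identifier as the second argument so the entityID comparison is also checked.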
replied on September 9, 2022

@Bert I have the same symptom but my LFDS is not externally routable. Is that my problem here? That my core LFDS server needs to be open to the outside world for this to work? Your comments above seem to indicate that.

I am trying my internal SSL name (that has a valid local CA cert) that my STS can reach into LFDS with (https://companyname.internal/lfds) for the Entity ID and the SAML Entity ID in general settings in LFDS. My STS does work fine this way for AD and LFDS auth.

0 0
replied on January 31, 2023

We are having the same issue where the LFDS site is not externally routable. Domain Users can use the (SAML) Azure Active Directory on the internal STS site, but on the external STS site they get this error. What gives? LFDS is only a management page and does not need to be externally routable.

0 0
replied on May 31, 2024

Is there any update to the STS error? We have the same error. "The requested sts could not be found".  We have followed the guide.  https://answers.laserfiche.com/questions/218785/Laserfiche-Directory-Server-LFDS-SAML-Authentication-with-Microsoft-Entra-ID#218805

0 0