Viewing 15 replies - 16 through 30 (of 48 total)
  • Plugin Author ktbartholomew

    (@ktbartholomew)

    On the service provider tab, have you entered the SAML field that the plugin should use for the user name? This needs to match the name of the attribute your IdP sends.

    Thread Starter ShrikantBhagwat

    (@shrikantbhagwat)

    For Attribute to be used as Username we have cn
    First Name = givename
    Attribute used for last name = sn
    Attribute used for email = email
    Attribute Groups= memberof

    Any issue you see here?

    Plugin Author ktbartholomew

    (@ktbartholomew)

    Just make sure your IdP is sending cn as an attribute, and not just as the NameID. Besides that, I’m not sure.

    Thread Starter ShrikantBhagwat

    (@shrikantbhagwat)

    Do we need to create CN on the Service Provider side also? Or does it auto-create it?

    We have Binding as the POST

    Name Identifier Default Value:

    Persistent: Enabled But not Automatically Generated
    Transient: Enabled But not Automatically Generated
    Email: Enabled & Name Identifier Format Default Value “LDAP Attribute Mail”

    Let me know ASAP.

    Plugin Author ktbartholomew

    (@ktbartholomew)

    There’s not a whole lot more I can do to help you, as this problem will be deeply tied to the SAML Response provided by your IdP. If you can extract and post the XML contents of the response, I may be able to provide you with some insight.

    Thread Starter ShrikantBhagwat

    (@shrikantbhagwat)

    Here is the response from the IdP:

    [ Moderator note: please wrap code in backticks or use the code button. ]

    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    Consent="urn:oasis:names:tc:SAML:2.0:consent:obtained"
                    Destination="https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1"
                    ID="idK-mk-6Uo72h4WfmBUjd7Ote8hWs"
                    InResponseTo="_6dc65d71e42b61bc17ba398450854ae19aa37c69d1"
                    IssueInstant="2014-01-26T02:14:17Z"
                    Version="2.0"
                    >
        <saml:Issuer>https://p-weblogin.med.umich.edu:8443/nidp/saml2/metadata</saml:Issuer>
        <samlp:Status>
            <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
        </samlp:Status>
        <saml:Assertion ID="idHr52cM2tuF6ofW2ywNq4mT8yLPM"
                        IssueInstant="2014-01-26T02:14:17Z"
                        Version="2.0"
                        >
            <saml:Issuer>https://p-weblogin.med.umich.edu:8443/nidp/saml2/metadata</saml:Issuer>
            <ds:Signature xmlns:ds="https://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <CanonicalizationMethod xmlns="https://www.w3.org/2000/09/xmldsig#"
                                            Algorithm="https://www.w3.org/2001/10/xml-exc-c14n#"
                                            />
                    <ds:SignatureMethod Algorithm="https://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <ds:Reference URI="#idHr52cM2tuF6ofW2ywNq4mT8yLPM">
                        <ds:Transforms>
                            <ds:Transform Algorithm="https://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                            <ds:Transform Algorithm="https://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="https://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue xmlns="https://www.w3.org/2000/09/xmldsig#">7dJ5sRExI782NL5CI59fde6SJJg=</DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <SignatureValue xmlns="https://www.w3.org/2000/09/xmldsig#">
    </SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>
    </ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml:Subject>
                <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                             NameQualifier="https://p-weblogin.med.umich.edu:8443/nidp/saml2/metadata"
                             SPNameQualifier="https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1"
                             >470rGcmyYMgWAXQiVwVxL1AHdiRYD3gmYRx2LQ==</saml:NameID>
                <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                    <saml:SubjectConfirmationData InResponseTo="_6dc65d71e42b61bc17ba398450854ae19aa37c69d1"
                                                  NotOnOrAfter="2014-01-26T03:14:17Z"
                                                  Recipient="https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1"
                                                  />
                </saml:SubjectConfirmation>
            </saml:Subject>
            <saml:Conditions NotBefore="2014-01-26T02:09:17Z"
                             NotOnOrAfter="2014-01-26T02:19:17Z"
                             >
                <saml:AudienceRestriction>
                    <saml:Audience>https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1</saml:Audience>
                </saml:AudienceRestriction>
            </saml:Conditions>
            <saml:AuthnStatement AuthnInstant="2014-01-26T02:14:17Z"
                                 SessionIndex="idHr52cM2tuF6ofW2ywNq4mT8yLPM"
                                 >
                <saml:AuthnContext>
                    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
                    <saml:AuthnContextDeclRef>secure/name/password/uri/p-idm-dir1</saml:AuthnContextDeclRef>
                </saml:AuthnContext>
            </saml:AuthnStatement>
            <saml:AttributeStatement>
                <saml:Attribute xmlns:xs="https://www.w3.org/2001/XMLSchema"
                                xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
                                Name="/UserAttribute[@ldap:targetAttribute=&qout;cn&qout;]"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
                                >
                    <saml:AttributeValue xsi:type="xs:string">shrbhagw</saml:AttributeValue>
                </saml:Attribute>
                <saml:Attribute xmlns:xs="https://www.w3.org/2001/XMLSchema"
                                xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
                                Name="/UserAttribute[@ldap:targetAttribute=&qout;mail&qout;]"
                                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
                                >
                    <saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue>
                </saml:Attribute>
            </saml:AttributeStatement>
        </saml:Assertion>
    </samlp:Response>

    Thread Starter ShrikantBhagwat

    (@shrikantbhagwat)

    Decode of SAML Message

    [ Moderator note: please wrap code in backticks or use the code button. The code button is your friend, please use it. ]

    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Consent="urn:oasis:names:tc:SAML:2.0:consent:obtained" Destination="https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1" ID="idq4X1HaVGzB1yyRtdW4aRkpt6.YY" InResponseTo="_960a3667ce40b25b8b5eab20e03b441d401da42fb0" IssueInstant="2014-01-26T02:39:30Z" Version="2.0"><saml:Issuer>https://p-weblogin.med.umich.edu:8443/nidp/saml2/metadata</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion ID="idnqPLFwY5K4-nLWZ..YR32QqC5XQ" IssueInstant="2014-01-26T02:39:30Z" Version="2.0"><saml:Issuer>https://p-weblogin.med.umich.edu:8443/nidp/saml2/metadata</saml:Issuer><ds:Signature xmlns:ds="https://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><CanonicalizationMethod xmlns="https://www.w3.org/2000/09/xmldsig#" Algorithm="https://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="https://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#idnqPLFwY5K4-nLWZ..YR32QqC5XQ"><ds:Transforms><ds:Transform Algorithm="https://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="https://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="https://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue xmlns="https://www.w3.org/2000/09/xmldsig#">G6w2BxgIm8+FsFCwoLu/JsLG3uk=</DigestValue></ds:Reference></ds:SignedInfo><SignatureValue xmlns="https://www.w3.org/2000/09/xmldsig#">
    </SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://p-weblogin.med.umich.edu:8443/nidp/saml2/metadata" SPNameQualifier="https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1">470rGcmyYMgWAXQiVwVxL1AHdiRYD3gmYRx2LQ==</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="_960a3667ce40b25b8b5eab20e03b441d401da42fb0" NotOnOrAfter="2014-01-26T03:39:30Z" Recipient="https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2014-01-26T02:34:30Z" NotOnOrAfter="2014-01-26T02:44:30Z"><saml:AudienceRestriction><saml:Audience>https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2014-01-26T02:39:30Z" SessionIndex="idnqPLFwY5K4-nLWZ..YR32QqC5XQ"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef><saml:AuthnContextDeclRef>secure/name/password/uri/p-idm-dir1</saml:AuthnContextDeclRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute xmlns:xs="https://www.w3.org/2001/XMLSchema" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" Name="/UserAttribute[@ldap:targetAttribute="cn"]" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">shrbhagw</saml:AttributeValue></saml:Attribute><saml:Attribute xmlns:xs="https://www.w3.org/2001/XMLSchema" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" Name="/UserAttribute[@ldap:targetAttribute="mail"]" 
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>

    Plugin Author ktbartholomew

    (@ktbartholomew)

    So this part is where the actual attributes are being passed to the SP:

    <saml:Attribute xmlns:xs="https://www.w3.org/2001/XMLSchema"
      xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
      Name="/UserAttribute[@ldap:targetAttribute=&qout;cn&qout;]"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
    >
      <saml:AttributeValue xsi:type="xs:string">shrbhagw</saml:AttributeValue>
    </saml:Attribute>

    You’ll notice that the attribute name is not just “cn” but “/UserAttribute[@ldap:targetAttribute=&qout;cn&qout;]”.

    This is what you need to put in the plugin’s user name field. When you do, it will look for this attribute and either create a new WordPress user called “shrbhagw” or log you in as that user. Be sure that your WordPress site doesn’t already have a user by this name, or the plugin will not be able to log you in.
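
The mismatch described in the reply above, as an added example (not part of the thread and not the plugin's own code): it lists the attribute Names an IdP actually sent and checks each configured field against them by exact match. The function names, the mapping dictionary and the trimmed sample response are assumptions constructed for illustration; the attribute Name is written with literal double quotes, as it appears in the decoded message posted earlier in the thread.

```python
"""Compare an SP attribute mapping with the attribute Names an IdP actually sent."""
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned response shaped like the one in the
# thread. The NameID and mail values are placeholders.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion ID="id-constructed-example" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">constructed-opaque-id</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name='/UserAttribute[@ldap:targetAttribute="cn"]'>
        <saml:AttributeValue>shrbhagw</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name='/UserAttribute[@ldap:targetAttribute="mail"]'>
        <saml:AttributeValue>user@example.org</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def sent_attributes(response_xml):
    """Return {attribute Name: [values]} exactly as the IdP named them.

    Diagnostic only: no signature or condition checks are done here, so this
    output must never decide who is logged in. Run it on captures you trust,
    or swap the parser for defusedxml when the input is untrusted.
    """
    root = ET.fromstring(response_xml)
    sent = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        sent.setdefault(attr.get("Name"), []).extend(values)
    return sent


def check_mapping(response_xml, mapping):
    """Check each SP field's configured attribute name against what was sent.

    The match is exact, as the thread describes. When a short name such as
    "cn" is configured, any longer sent Name containing it as a whole token is
    returned as the value to configure instead.
    """
    sent = sent_attributes(response_xml)
    report = {}
    for field, configured in mapping.items():
        if configured in sent:
            report[field] = {"status": "ok", "values": sent[configured]}
            continue
        token = re.compile(
            r"(?<![A-Za-z0-9])" + re.escape(configured) + r"(?![A-Za-z0-9])", re.I
        )
        candidates = [name for name in sent if token.search(name)]
        report[field] = {"status": "missing", "use_instead": candidates}
    return report


if __name__ == "__main__":
    # Hypothetical mapping using the short names from the thread.
    configured = {"username": "cn", "first_name": "givename", "email": "email"}
    for field, result in check_mapping(SAMPLE_RESPONSE, configured).items():
        print(field, result)
```

A field reported as missing with an empty `use_instead` list means the IdP did not release that attribute at all, which has to be fixed on the IdP side rather than in the plugin's field.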

    Thread Starter ShrikantBhagwat

    (@shrikantbhagwat)

    We have user “medhubsamltest” (not present in WordPress)

    We get the following error: A username was not provided.

    Here are the SAML traces:

    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:obtained"
    Destination="https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1"
    ID="idnhivhsGdvSTb9pe99LuOCd9nI7Q"
    InResponseTo="_8e3fe9d748bb3af4db77aac4ac07a8d120fc5b0083"
    IssueInstant="2014-01-26T22:01:46Z"
    Version="2.0"
    >
    <saml:Issuer>https://p-weblogin.med.umich.edu:8443/nidp/saml2/metadata</saml:Issuer>
    <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </samlp:Status>
    <saml:Assertion ID="idH7mZCm8Cbq3L3-K.dj7PHLk14QA"
    IssueInstant="2014-01-26T22:01:46Z"
    Version="2.0"
    >
    <saml:Issuer>https://p-weblogin.med.umich.edu:8443/nidp/saml2/metadata</saml:Issuer>
    <ds:Signature xmlns:ds="https://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <CanonicalizationMethod xmlns="https://www.w3.org/2000/09/xmldsig#"
    Algorithm="https://www.w3.org/2001/10/xml-exc-c14n#"
    />
    <ds:SignatureMethod Algorithm="https://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <ds:Reference URI="#idH7mZCm8Cbq3L3-K.dj7PHLk14QA">
    <ds:Transforms>
    <ds:Transform Algorithm="https://www.w3.org/2000/09/xmldsig#enveloped-signature" />
    <ds:Transform Algorithm="https://www.w3.org/2001/10/xml-exc-c14n#" />
    </ds:Transforms>
    <ds:DigestMethod Algorithm="https://www.w3.org/2000/09/xmldsig#sha1" />
    <DigestValue xmlns="https://www.w3.org/2000/09/xmldsig#">dkJInlGrd+hShUFv8yt7z7SHwiA=</DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <SignatureValue xmlns="https://www.w3.org/2000/09/xmldsig#">
    </SignatureValue>
    <ds:KeyInfo>
    <ds:X509Data>
    <ds:X509Certificate>
    </ds:X509Certificate>
    </ds:X509Data>
    </ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
    NameQualifier="https://p-weblogin.med.umich.edu:8443/nidp/saml2/metadata"
    SPNameQualifier="https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1"
    >bqlvfTMCCGJU8IXTpvSA2afygtSg9YTaneCK0Q==</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData InResponseTo="_8e3fe9d748bb3af4db77aac4ac07a8d120fc5b0083"
    NotOnOrAfter="2014-01-26T23:01:46Z"
    Recipient="https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1"
    />
    </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2014-01-26T21:56:46Z"
    NotOnOrAfter="2014-01-26T22:06:46Z"
    >
    <saml:AudienceRestriction>
    <saml:Audience>https://cworblog.med.umich.edu/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1</saml:Audience>
    </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2014-01-26T22:01:46Z"
    SessionIndex="idH7mZCm8Cbq3L3-K.dj7PHLk14QA"
    >
    <saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    <saml:AuthnContextDeclRef>secure/name/password/uri/p-idm-dir1</saml:AuthnContextDeclRef>
    </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
    <saml:Attribute xmlns:xs="https://www.w3.org/2001/XMLSchema"
    xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
    Name="/UserAttribute[@ldap:targetAttribute=&qout;cn&qout;]"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
    >
    <saml:AttributeValue xsi:type="xs:string">medhubsamltest</saml:AttributeValue>
    </saml:Attribute>
    </saml:AttributeStatement>
    </saml:Assertion>
    </samlp:Response>

    I am sending cn “medhubsamltest” to Service provider.

    Plugin Author ktbartholomew

    (@ktbartholomew)

    Can you post a screenshot of your “Service Provider” tab in the plugin?

    Thread Starter ShrikantBhagwat

    (@shrikantbhagwat)

    How do I add a screenshot?

    We have Name ID Policy as: urn:oasis:names:tc:SAML:2.0:nameid-format:tramsient

    Attribute
    User Name as cn
    First Name :GivenName
    Last Name: sn
    Email: mail
    Attributes to be used for group: memberof

    Plugin Author ktbartholomew

    (@ktbartholomew)

    As I mentioned in my previous post, you need to change the user name field from “cn” to “/UserAttribute[@ldap:targetAttribute=&qout;cn&qout;]”

    Thread Starter ShrikantBhagwat

    (@shrikantbhagwat)

    How do we disable single sign-on on WordPress? I no longer have admin access from the browser, as I am troubleshooting the SAML issue.

    Thread Starter ShrikantBhagwat

    (@shrikantbhagwat)

    ERROR: The password you entered for the username shrbhagw is incorrect. Lost your password?

    We get the above error after login now. The user shrbhagw was already present in WordPress.

    Thread Starter ShrikantBhagwat

    (@shrikantbhagwat)

    For a totally new user I get the message:

    The website administrator has not given you permission to log in.

    Please advise asap

  • The topic ‘Generating Metadata for IDP’ is closed to new replies.