Summary
SAML assertions don’t seem to work with Mattermost vs Entra ID
I have set up my E20 Mattermost as a SAML app in Entra/AAD and I can’t seem to figure out what Mattermost will accept as SAML Claims.
For example:
AAD has http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress so I put emailaddress in the Email Attribute field.
The log says this:
SAML login was unsuccessful because one of the attributes is incorrect. Please contact your System Administrator., emailaddress attribute is missing
Yet, the Received Assertion info directly above this has this:
Error{{urn:oasis:names:tc:SAML:2.0:assertion Attribute} http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress [{{urn:oasis:names:tc:SAML:2.0:assertion AttributeValue} tom@xxxxxxxx.com}]}
I don’t know what to do about this.
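
Added example, not part of the original post: a diagnostic that lists the `Name` of every attribute in a SAML 2.0 assertion and classifies a configured attribute name as an exact match, a match on the last URI segment only, or missing. It assumes the service provider compares the configured value with the assertion's Attribute `Name` as an exact string, which the log lines above suggest but the post does not confirm; the sample assertion and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample assertion fragment (not captured from a real IdP).
# Parse untrusted assertions with a hardened XML parser such as defusedxml.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}emailaddress">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}givenname">
      <saml:AttributeValue>Sample</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def assertion_attributes(xml_text):
    """Return {Attribute Name: [values]} for a SAML 2.0 assertion."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_mapping(configured, attrs):
    """Classify a configured attribute name against the assertion's names."""
    if configured in attrs:
        return ("exact", configured)
    # The configured value is only the last path segment of a claim URI.
    near = [n for n in attrs if n and n.rsplit("/", 1)[-1] == configured]
    if near:
        return ("suffix-only", near[0])
    return ("missing", None)


if __name__ == "__main__":
    found = assertion_attributes(SAMPLE_ASSERTION)
    for cfg in ("emailaddress", CLAIMS + "emailaddress", "Email"):
        print(f"{cfg!r:75} -> {check_mapping(cfg, found)}")
```

A `suffix-only` result means the identity provider sends the claim but the configured name does not equal its full `Name`.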