ISSUE
A customer who has configured the Entra ID Enterprise application is unable to log in to the Red Canary portal via SSO and receives an error from Entra ID stating, "The provided claim name format does not match the expected format." The customer's claim names include the namespace prefix http://schemas.xmlsoap.org/ws/2005/05/identity/claims.
RESOLUTION
The customer resolved the issue by removing the namespace prefix from the claim names within the Entra ID Enterprise application. The claim names in the Entra ID Enterprise app should be Email, FirstName, and LastName.
To resolve this issue:
- In the Azure portal, navigate to Entra ID > Enterprise Applications.
- Select the Red Canary application and go to the Single sign-on blade.
- Click on the Attributes & Claims section and ensure the claims are named as Email, FirstName, and LastName.
- Remove the http://schemas.xmlsoap.org/ws/2005/05/identity/claims namespace prefix from the claim names.
- If the issue persists, verify that the Email field in the user properties is populated. If it is empty, make sure to map the user.mail attribute to the appropriate Entra ID field (e.g., user.userprincipalname).
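To confirm the change took effect, the claim names in a captured SAML assertion can be checked offline. The script below is an added example, not Red Canary or Microsoft code. It assumes the assertion has already been base64-decoded and is unencrypted, and that a prefixed claim appears as the namespace followed by "/" and the claim name; the function names and sample assertions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_URN = "urn:oasis:names:tc:SAML:2.0:assertion"
PREFIX = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
EXPECTED = ("Email", "FirstName", "LastName")  # claim names given in this article


def check_claims(assertion_xml):
    """Return a list of claim-name problems. Diagnostic only: no signature check."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iter(f"{{{SAML_URN}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{SAML_URN}}}AttributeValue")]
        attrs[attr.get("Name", "")] = values
    problems = [f"namespace prefix still present: {n}"
                for n in attrs if n.startswith(PREFIX)]
    for name in EXPECTED:
        if name not in attrs:
            problems.append(f"missing claim: {name}")
        elif not any(attrs[name]):
            problems.append(f"empty claim value: {name}")
    return problems


def build_assertion(claims):
    """Build a minimal unsigned assertion (constructed sample, not a real capture)."""
    items = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f'</saml:Attribute>' for n, v in claims.items())
    return (f'<saml:Assertion xmlns:saml="{SAML_URN}"><saml:AttributeStatement>'
            f'{items}</saml:AttributeStatement></saml:Assertion>')


# Constructed samples: prefixed names (the failing setup) and the corrected names.
BEFORE = build_assertion({f"{PREFIX}/Email": "a.user@example.com",
                          f"{PREFIX}/FirstName": "A", f"{PREFIX}/LastName": "User"})
AFTER = build_assertion({"Email": "a.user@example.com",
                         "FirstName": "A", "LastName": "User"})
EMPTY_MAIL = build_assertion({"Email": "", "FirstName": "A", "LastName": "User"})

if __name__ == "__main__":
    for label, xml in (("before", BEFORE), ("after", AFTER), ("empty", EMPTY_MAIL)):
        print(label, check_claims(xml) or "OK")
```

An empty result means all three claims are present, unprefixed, and populated; an "empty claim value: Email" result corresponds to the unpopulated Email field described in the last step.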
Keywords
Entra ID SSO error, Entra ID SSO login failure, claims in Entra ID, claim name format, Red Canary SSO integration, SAML attributes, http://schemas.xmlsoap.org/ws/2005/05/identity/claims, Azure SSO, single sign-on configuration