(Workaround) Enable service provider-initiated authentication

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • Use this workaround if authentication fails because you do not have SAML 2.0 Update 1. This issue can happen if users attempt to skip IdP authentication and navigate directly to the instance.

    Before you begin

    Role required: sso_config_admin, business_rule_admin, script_include_admin

    About this task

    This error occurs when the instance doesn't provide ADFS with the needed definition and semantics for the SPNameQualifier attribute in the SAMLResponse.

    Enable service provider-initiated authentication by doing one of the following actions:

    Procedure

    • Upgrade to SAML 2.0 Update 1 and clear the option to create an AuthnContextClass request.
    • Modify the SAML2 script include to comment out the definitions of the SPNameQualifier attribute when you have SAML 2.0 active (not SAML 2.0 Update 1).
      Comment out these lines in the createNameID and createNameIDPolicy functions:
      //nid.setSPNameQualifier(serviceURL);
      //nameIdPolicy.setSPNameQualifier(serviceURLStr);

    What to do next

    If you do not want the login prompt from your ADFS server to appear when you access the instance, set the following SAML 2.0 Update 1 property to false: Create an AuthnContextClass request in the AuthnRequest statement (glide.authenticate.sso.saml2.createrequestedauthncontext).
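
To confirm either change took effect, decode the AuthnRequest the instance sends to ADFS and check whether it still carries SPNameQualifier or a RequestedAuthnContext element. The Python script below is an added example, not ServiceNow code; it assumes the HTTP-Redirect binding, and the hostnames, URLs and request XML in it are constructed samples.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": P, "saml": A}

def decode_redirect_request(url):
    """Return the XML carried in the SAMLRequest parameter (HTTP-Redirect binding)."""
    value = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    # Redirect binding = base64 over raw DEFLATE (no zlib header), hence wbits=-15.
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")

def inspect_authn_request(xml_text):
    """Report where SPNameQualifier is set and whether an AuthnContext is requested."""
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % P:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    carriers = [el.tag.split("}")[1]
                for path in (".//samlp:NameIDPolicy", ".//saml:NameID")
                for el in root.findall(path, NS)
                if "SPNameQualifier" in el.attrib]
    return {"sp_name_qualifier_on": carriers,
            "requested_authn_context":
                root.find("samlp:RequestedAuthnContext", NS) is not None}

def constructed_url(with_qualifier, with_context):
    """Build a constructed sample redirect URL (hypothetical SP and IdP hosts)."""
    q = ' SPNameQualifier="https://sp.example.com"' if with_qualifier else ""
    ctx = ("<samlp:RequestedAuthnContext><saml:AuthnContextClassRef>"
           "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
           "</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>") if with_context else ""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed" '
           'Version="2.0"><saml:Issuer>https://sp.example.com</saml:Issuer>'
           '<samlp:NameIDPolicy%s AllowCreate="true"/>%s</samlp:AuthnRequest>'
           % (P, A, q, ctx))
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(raw).decode("ascii")})
    return "https://idp.example.com/adfs/ls/?" + query

if __name__ == "__main__":
    for label, url in (("before", constructed_url(True, True)),
                       ("after", constructed_url(False, False))):
        print(label, inspect_authn_request(decode_redirect_request(url)))
```

To check a real request, pass the redirect URL captured from the browser's network trace to decode_redirect_request in place of the constructed one.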