SSO with ADFS and SAML

  • Used Zammad version: 3.3.X
  • Used Zammad installation source: (source, package, …)
  • Operating system: Debian 9
  • Browser + version: Chrome 83.0.4103.116

Expected behavior:

  • Hey folks, I set up SAML with ADFS with the configuration mentioned in this thread:
    Microsoft ADFS SAML authentication
    I expected a regular SSO over Windows clients without enter credentials.

Actual behavior:

  • If I press the SAML button I always get just redirect to the ADFS login page. Has anyone an idea why I don’t get passed through? ADFS seems to work because if I authenticate on the ADFS login page, Zammad opens and I’m logged in.

Steps to reproduce the behavior:

Thanks to all!

The solution was the following:
I’d add the URL’s of the ADFS and zammad server to the trusted sites list from internet options configuration. You can do this by GPO e.g.

Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\ **Site to Zone Assignment List

Activate the policy and enter both URL’s in the value field and assign them a value of 1.
For example:
value name value
https://zammad.domain.local 1
https://adfs.domain.local 1

Worked for me at least.

Regards

1 Like