Azure-docs: Role attribute

Created on 12 Jun 2018 · 15 Comments · Source: MicrosoftDocs/azure-docs

I had to add Role attribute and define the attribute implicitly
Name: https://aws.amazon.com/SAML/Attributes/Role
Value: arn:aws:iam::xxx:role/admin_sso, arn:aws:iam::xxx:saml-provider/AzureSSO

Any reason?




All 15 comments

@jegilber Nope, this is not expected. I am sure there must be some other issue which you hit. Ideally you should configure the claim name as Role and the other value goes in Namespace; this configuration works, which we have tested. I am not sure why you hit that issue.

please-close

I can confirm this is an issue and had to do the same changes.

See https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml.html#troubleshoot_saml_invalid-response

Agreed, this is an issue. The values have to be as above (corrected to match your AWS).

I had to do the same changes to make it work. Actually, it was working till around the 20th of June with the "normal" configuration.

@garrathleeds We will retest this and will let you know again. @chetansriv Can you please configure this app again in Azure AD and retest the application?

@marcvi Thanks for the note. Now we will reconfigure this and test it out.

Hi,

Thank you very much. As I said, and I hope it helps, we have been using the
App for like 8 months with 0 issues until the 20th of June, more or less.

Appreciate your effort.

Cheers,

On Fri, 6 Jul 2018 at 18:46, Jeevan Desarda notifications@github.com
wrote:

@marcvi https://github.com/marcvi Thanks for the note now we will
reconfigure this and test it out.


@marcvi I will also check internally whether we have changed something or this is a regression.

I hit the same issue.
Just to clarify, you need to edit the Role attribute, and replace
user.assignedroles
with
arn:aws:iam::account-number:role/role-name1,arn:aws:iam::account-number:saml-provider/provider-name.

Role ARN (created in step 17) and Identity Provider ARN (created in step 14) must be copied from their respective pages. Also, make sure that the Value field has RoleARN and IdentityProviderARN in the format RoleARN,IdentityProviderARN without spaces. Otherwise login will not work.

Please reopen this issue and update documentation.

@maticko You are trying to hard-code the Role into it. We don't recommend using it this way. Can you please schedule a meeting with me so we can help you resolve the issue?
My calendar availability is published here https://freebusy.io/[email protected]

@jeevansd No need for a meeting. After resolving this issue in the described way, I realised that I basically need to follow https://docs.microsoft.com/en-gb/azure/active-directory/saas-apps/aws-multi-accounts-tutorial for my case. And I reverted the Role attribute to user.assignedroles and it followed those instructions. Now it is working.

@maticko Thanks for the confirmation. We are happy to hear that you got it working as expected.

In my case I failed to assign the user a role and left it at Default Role which has no equivalent in AWS. This needs to be explained in the documentation.
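An added example, not part of the original thread and not Microsoft or AWS tooling: a small checker for the Role attribute in a decoded SAML assertion. It applies the RoleARN,IdentityProviderARN "without spaces" format from the comment above and flags values that are not an ARN pair, such as a user left on a default role. The function names, the sample assertion and the account number 111122223333 are constructed for illustration, and role names containing commas are not handled.

```python
import re
import xml.etree.ElementTree as ET  # fine for this constructed sample; use a hardened parser on untrusted XML

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
ROLE_ARN = re.compile(r"arn:aws[\w-]*:iam::\d{12}:role/[\w+=.@/-]+")
PROVIDER_ARN = re.compile(r"arn:aws[\w-]*:iam::\d{12}:saml-provider/[\w+=.@-]+")

def check_role_value(value):
    """Return the problems found in one Role AttributeValue (empty list = OK)."""
    problems = []
    if re.search(r"\s", value):
        problems.append("contains whitespace")
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        problems.append("expected exactly two comma-separated ARNs")
        return problems
    if not any(ROLE_ARN.fullmatch(p) for p in parts):
        problems.append("no IAM role ARN")
    if not any(PROVIDER_ARN.fullmatch(p) for p in parts):
        problems.append("no SAML provider ARN")
    return problems

def audit_assertion(xml_text):
    """Map every Role value in the assertion to its list of problems."""
    root = ET.fromstring(xml_text)
    values = [v.text or ""
              for a in root.iter("{%s}Attribute" % NS["saml"])
              if a.get("Name") == ROLE_ATTR
              for v in a.findall("saml:AttributeValue", NS)]
    if not values:
        return {"<missing>": ["Role attribute not present in assertion"]}
    return {v: check_role_value(v) for v in values}

# Constructed sample: one good value, one with a space after the comma,
# and one non-ARN value standing in for a user with no AWS role assigned.
GOOD = "arn:aws:iam::111122223333:role/admin_sso,arn:aws:iam::111122223333:saml-provider/AzureSSO"
SPACED = GOOD.replace(",", ", ")
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="{ROLE_ATTR}">
   <saml:AttributeValue>{GOOD}</saml:AttributeValue>
   <saml:AttributeValue>{SPACED}</saml:AttributeValue>
   <saml:AttributeValue>Default Role</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for value, problems in audit_assertion(SAMPLE).items():
        print("OK  " if not problems else "FAIL", repr(value), problems)
```
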

Hi Guys,

I am not able to get the Value Roles at all from the Sign on.

Thanks
samrat
