| License Type | SaaS & On-Premises |
| Agent Mode | Assess & Protect |
| Main Product Category | Contrast UI |
| Sub Category | Authentication |
Issue
After setting up SSO integration with ADFS, I'm receiving a 405 when I try to login.
Cause
This can be caused by a couple of different issues. So, first things first, let's check the logs for errors relating to your SAML URL.
SaaS customers, please submit a ticket and we'll check our backend logs for you.
On-Premises customers please take a look at you contrast.log located at $CONTRAST_HOME/data/logs/contrast.log.
Error #1
All I can find is a generic 405 error!
Resolution
Please make sure you are attempting to login from a new browser window or an incognito tab. We don't want any cached session data interfering with our shiny new ADFS login.
Still not working? It does occasionally take some time for the config to sync across all of our SaaS nodes. If it's already been a while and you're still seeing issues, please submit a ticket and the Support team will be able to assist further.
Error #2
The logs are showing the following error:
071217 12.02.21,835 {} {} {} INFO (SAMLDefaultLogger.java:127) AuthNResponse;FAILURE;68.87.42.110;https://app.contrastsecurity.com/Contrast//saml/metadata;http://customer.url.here/adfs/services/trust;;;org.opensaml.common.SAMLException: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration
Resolution
This indicates that a little more configuration is required on the ADFS side. As shown in the following screenshots, the NameID needs to be mapped to the your LDAP email address attribute - this needs to be an email address as opposed to a generic user ID, as we use it for sending notifications etc from the Contrast server.
