Issue
When attempting to authenticate with SAML, the following error might occur:SAMLException: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration.
Last Modified Date: 06 Dec 2019
SAMLException: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration.
Environment
- Tableau Server
- SAML
Resolution
Work with your IdP to ensure that the NameId element is passed in the Subject block of the SAML response.For example, see a Subject including NameID:
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">John</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="http://servername/wg/saml/SSO/index.html"
NotOnOrAfter="date/time"
InResponseTo="......."/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">John</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="http://servername/wg/saml/SSO/index.html"
NotOnOrAfter="date/time"
InResponseTo="......."/>
</saml:SubjectConfirmation>
</saml:Subject>
Cause
NameID included in the Subject of the assertion is required by the SAML 2.0 protocol.Additional Information
For additional information about this topic, see in Authentication failed: error validating saml message : nameid element must be present as part of the subject in the response message, please enable it in the idp configuration.
Thank you for providing your feedback on the effectiveness of the article.
Open new Case
Continue Searching
Knowledge Base
Community
Product Help
Training and Tutorials