Symantec Access Management

  • 1.  Siteminder Authentication to Office365 fails with error code AADSTS51004

    Posted Mar 23, 2024 06:04 AM

    Hello Community.

    I configured all parameters for WSFed partnership between Siteminder (v12.8) and Office365. When I test the Authentication process, it fails with error code AADSTS51004 from MS o365 side. I checked the attribute ImmutableId and it's encoded (I guess it's Base64). Is this the root cause for this issue?

    When I check my lab environment ImmutableId, it is plain text (user@domain.com) and my lab works fine. Additionally, I know there's a way to change the ImmutableId to store its value with no encoding. But it would be great to make it work encoded.

    Is there some way to make authentication work while preserving the ImmutableId encoded?

    What else can I do to solve this issue?

    Thanks in advance for your help.

    Best,

    Mauricio.



  • 2.  RE: Siteminder Authentication to Office365 fails with error code AADSTS51004

    Broadcom Employee
    Posted Mar 25, 2024 01:29 PM

    Hi Mauricio,

    If your environment has Entra Connect/Azure AD Sync configured, in many cases ImmutableID is based on ObjectGUID in AD.

    Please take a look at https://broadcomcms-software-agent.wolkenservicedesk.com/wolken/esd/knowledge-base-view/view-kb-article?articleNumber=41733 to see if that helps to resolve the issue.

    Regards,

    Richard




  • 3.  RE: Siteminder Authentication to Office365 fails with error code AADSTS51004

    Posted Mar 25, 2024 04:54 PM

    Hi Richard.

    Is there some other way to access the link you shared? I'm having an issue when I try to follow the link:

    Maybe it's a protected resource. Please help me with this. Thanks in advance.

    Best,

    Mauricio.




  • 4.  RE: Siteminder Authentication to Office365 fails with error code AADSTS51004
    Best Answer

    Broadcom Employee
    Posted Mar 25, 2024 06:03 PM

    Apologies, Mauricio. I had mistakenly assumed that customers with support access would be able to access the KB article. The key piece of information in the article is that you can use the following syntax in the partnership to pass binary attributes such as ObjectGUID:

    Assertion Attributes:

    Type: User Attribute

    Value: 'ObjectGUID;binary'

    This assumes you are using ObjectGUID as the sourceAnchor attribute in Azure AD Connect.

    Regards,

    Richard

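    As an added illustration (not from this thread, the KB article, or SiteMinder itself) of why the ImmutableId looks Base64-encoded and how to check the value an assertion carries against what the tenant expects: when objectGUID is the sourceAnchor, the ImmutableId is the Base64 of the 16 raw attribute bytes in the byte order AD stores them. The GUID below is constructed, and the diagnosis labels are my own.

```python
import base64
import uuid

# Constructed sample objectGUID in the canonical text form that AD tools display.
SAMPLE_OBJECT_GUID = "0d5a1c8f-3b4e-4a2f-9c1e-7b8a6d5e4f3a"


def immutable_id_from_object_guid(guid_text: str) -> str:
    """ImmutableId Entra ID derives when objectGUID is the sourceAnchor:
    Base64 of the 16 raw attribute bytes. AD stores the GUID in .NET/COM
    byte order (first three fields little-endian), which uuid.bytes_le
    yields and which matches Guid.ToByteArray() on the Windows side."""
    return base64.b64encode(uuid.UUID(guid_text).bytes_le).decode("ascii")


def object_guid_from_immutable_id(immutable_id: str) -> str:
    """Inverse: decode a Base64 ImmutableId back to the GUID's text form."""
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError(f"ImmutableId decodes to {len(raw)} bytes, expected 16")
    return str(uuid.UUID(bytes_le=raw))


def diagnose_assertion_value(assertion_value: str, guid_text: str) -> str:
    """Compare the identifier carried in the assertion with the ImmutableId
    expected for this user's objectGUID and name the most likely mismatch."""
    expected = immutable_id_from_object_guid(guid_text)
    if assertion_value == expected:
        return "ok"
    if assertion_value.lower() == guid_text.lower():
        # The attribute was read as its text rendering, not as binary.
        return "guid sent as text: the attribute must be read as binary"
    try:
        raw = base64.b64decode(assertion_value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not base64: value is not derived from objectGUID bytes"
    if raw == uuid.UUID(guid_text).bytes:
        # Bytes were taken in big-endian (display) order, not AD storage order.
        return "wrong byte order: GUID encoded big-endian instead of AD order"
    return "mismatch: value is not this user's ImmutableId"


if __name__ == "__main__":
    expected = immutable_id_from_object_guid(SAMPLE_OBJECT_GUID)
    print(f"{SAMPLE_OBJECT_GUID} -> ImmutableId {expected}")
    for candidate in (expected, SAMPLE_OBJECT_GUID, "user@domain.com"):
        print(f"{candidate!r}: {diagnose_assertion_value(candidate, SAMPLE_OBJECT_GUID)}")
```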



  • 5.  RE: Siteminder Authentication to Office365 fails with error code AADSTS51004

    Posted Mar 25, 2024 09:01 PM

    Hi Richard.

    Thanks a lot for your help. I'm going to test this setting tomorrow and I'll let you know to close this post with good news. Can you please share the complete KB to have the full picture? (I'm sorry to bother).

    Best regards,

    Mauricio.