Shibboleth SP and ADFS

Scott Severtson ssevertson at
Tue Apr 5 14:48:16 EDT 2016


We're trying to set up our Shibboleth SP 2.5.2 to work with a client's ADFS
server, and have been running into problems.

In our logs, we see events like:
2016-04-04 15:52:26 INFO Shibboleth-TRANSACTION [155]: New session (ID: )
with (applicationId: default) for principal from (IdP: at (ClientAddress:
with (NameIdentifier: none) using (Protocol:
urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: )
2016-04-04 15:52:26 INFO Shibboleth-TRANSACTION [155]: Cached the following
attributes with session (ID: ) for (applicationId: default) {
2016-04-04 15:52:26 INFO Shibboleth-TRANSACTION [155]: }

The strange part is that the session ID is logged as blank. No errors are
reported. Signature Debugging is enabled, and shows that the XML is being
decrypted correctly.

The client transformed their metadata using "Federation Metadata Manager
for ADFS" (; the modified metadata
is currently at:

Has anyone run into the blank session ID issue? Anything else we or they
should be doing to debug the problem?

Scott Severtson
Digital Measures
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list