The SAML authentication request property 'Subject' is not supported and must not be set

Hello,

I am trying to deploy a mobile app configuration policy from Intune to our Android smartphones.
The policy is deployed successfully, but when the application is launched on the phone, I get the following message:
"Message: AADSTS900236: The SAML authentication request property 'Subject' is not supported and must not be set."
The application asks for configuration keys, including an optional one, "NameID", which corresponds to the email. I am using {{mail}} as specified in the Microsoft documentation. Hence the error message.

If I do not use this configuration key, it works, but the application rejects the authentication because in the subject, NameID, it is not the email that is sent but the Azure account id (example: fc0dc142-71d8-4b12-bbea-bae2a8514c81). The latter is not recognized by the application.

How do I indicate in Intune that the email address must be sent in the SAML Subject, and not the account id?

Thank you for your help.
Kind regards
0 Replies
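
An added diagnostic example, not part of the original post and not Microsoft's or the app vendor's code: the error text says the identity provider rejects an AuthnRequest that sets 'Subject', so this Python script decodes a captured HTTP-Redirect `SAMLRequest` value and reports whether it carries a `<saml:Subject>` element and which `NameIDPolicy` format it asks for. The two sample requests, the issuer URL and the address are constructed, and the function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def decode_redirect_binding(saml_request: str) -> bytes:
    """Undo the HTTP-Redirect encoding: base64, then raw DEFLATE (no zlib header)."""
    return zlib.decompress(base64.b64decode(saml_request), -15)

def inspect_authn_request(xml_bytes: bytes) -> dict:
    """Report the AuthnRequest fields relevant to the 'Subject' error."""
    # Only feed this requests captured from your own tenant/app traffic.
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    subject = root.find("saml:Subject", NS)
    name_id = subject.find("saml:NameID", NS) if subject is not None else None
    policy = root.find("samlp:NameIDPolicy", NS)
    return {
        "has_subject": subject is not None,
        "subject_name_id": name_id.text if name_id is not None else None,
        "name_id_policy_format": policy.get("Format") if policy is not None else None,
    }

def encode_redirect_binding(xml: str) -> str:
    """Build a constructed SAMLRequest value for the demo (inverse of decode)."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

# Constructed sample requests; issuer, ID, timestamp and address are placeholders.
_HEAD = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0" '
         'IssueInstant="2020-05-11T10:00:00Z"><saml:Issuer>https://app.example</saml:Issuer>')
WITH_SUBJECT = _HEAD + ('<saml:Subject><saml:NameID>user@example.com</saml:NameID>'
                        '</saml:Subject></samlp:AuthnRequest>')
WITHOUT_SUBJECT = _HEAD + ('<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:'
                           'nameid-format:emailAddress"/></samlp:AuthnRequest>')

if __name__ == "__main__":
    for label, xml in (("with Subject", WITH_SUBJECT), ("without Subject", WITHOUT_SUBJECT)):
        wire = encode_redirect_binding(xml)
        print(label, inspect_authn_request(decode_redirect_binding(wire)))
```

A request for which `has_subject` is true is the shape the AADSTS900236 message describes.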