Microsoft Entra ID/SAML SSO and the OASIS prefix : Honeycomb Support

Problem statement: I’m trying to configure Microsoft Entra ID/SAML SSO in Honeycomb, but I keep getting a "SAML assertion must have Email, FirstName, and LastName statements: Email was missing or empty, FirstName was missing or empty, LastName was missing or empty" error message despite providing those details in my assertion.

Cause: Regularly when investigating these issues, the mapping for the assertion coming through in the Honeycomb backend will look like this:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/FirstName

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/LastName

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Email

Rather than the expected:

FirstName

LastName

The prefix which we see above here (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/) is a namespace prefix used in the OASIS (Organization for the Advancement of Structured Information Standards) table model.

You can view these by editing the Attributes & Claims section in the Microsoft setup. On the main page, it looks like they are configured as expected...

...but when you go into the edit section as below, it shows them in more detail with the prefix:

Configure your assertion to remove this in Microsoft’s configuration and you should be able to complete your SSO configuration without any problems.

Microsoft Entra ID/SAML SSO and the OASIS prefix Print

Related Articles