Friday, August 20, 2021

AWS and ADFS integration error "principal exists outside the account of the Role being assumed"

Error:

"principal exists outside the account of the Role being assumed (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError)"

Solution: The AD group-to-role mapping does not match the role that ADFS sends in the claim, or the AWS IAM role is not attached to the SAML Identity Provider.

Tuesday, August 17, 2021

ADFS and AWS integration error

Error: RoleSessionName is required in AuthnResponse (Service: AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken; Request ID: requestId; Proxy: null). Please try again.

Solution: Update the AD user's email attribute. If the email is not correct, you will still see the same error.

Error: Principal exists outside the account of the Role being assumed (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: 73ca564c-45ae-44de-9146-1633efbe10ba; Proxy: null). Please try again.

Solution: Fix the email issue as well.

Error: Your request included an invalid SAML response. To logou

Solution: An invalid email address is being passed in the SAML assertion to AWS.
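Both AWS errors above come down to what ADFS puts into the assertion: the Role attribute must carry a role ARN and a saml-provider ARN from the same account, and RoleSessionName must be present. The script below is an added example (not from the original post) that inspects a decoded SAML response offline and reports exactly those problems before the assertion is ever posted to AWS. The response XML and the account ids in it are constructed sample data; the attribute names and the `urn:amazon:webservices` audience are the documented AWS values.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
AWS_AUDIENCE = "urn:amazon:webservices"

# Constructed sample response (not a real capture). Account ids are placeholders.
# It deliberately lacks RoleSessionName and has one Role value whose provider
# ARN lives in a different account than the role ARN.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>urn:amazon:webservices</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
        <saml:AttributeValue>arn:aws:iam::111111111111:role/ADFS-Admins,arn:aws:iam::111111111111:saml-provider/ADFS</saml:AttributeValue>
        <saml:AttributeValue>arn:aws:iam::222222222222:role/ADFS-ReadOnly,arn:aws:iam::111111111111:saml-provider/ADFS</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def attribute_values(assertion, name):
    """All AttributeValue texts for the attribute with the given Name."""
    path = f"saml:AttributeStatement/saml:Attribute[@Name='{name}']/saml:AttributeValue"
    return [v.text.strip() for v in assertion.findall(path, NS) if v.text]


def account_of(arn):
    """Account id field of an ARN (arn:partition:service:region:account:resource)."""
    parts = arn.split(":")
    return parts[4] if len(parts) >= 6 else None


def check_aws_assertion(xml_text, expected_audience=AWS_AUDIENCE):
    """Return a list of findings; an empty list means the assertion carries
    what AWS STS needs (audience, RoleSessionName, well-formed Role pairs)."""
    findings = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["No assertion found in response"]

    audiences = [a.text.strip() for a in assertion.findall(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        findings.append(f"Audience {audiences} does not include {expected_audience}")

    if not attribute_values(assertion, SESSION_ATTR):
        findings.append("RoleSessionName attribute missing (check the user's email attribute in AD)")

    roles = attribute_values(assertion, ROLE_ATTR)
    if not roles:
        findings.append("Role attribute missing")
    for value in roles:
        arns = [p.strip() for p in value.split(",")]
        if len(arns) != 2:
            findings.append(f"Role value must be 'role-arn,provider-arn': {value}")
            continue
        # AWS accepts either order, so pick each ARN by its resource type.
        role_arn = next((a for a in arns if ":role/" in a), None)
        provider_arn = next((a for a in arns if ":saml-provider/" in a), None)
        if role_arn is None or provider_arn is None:
            findings.append(f"Role value needs one role ARN and one saml-provider ARN: {value}")
            continue
        if account_of(role_arn) != account_of(provider_arn):
            findings.append(
                f"Provider account {account_of(provider_arn)} differs from role account "
                f"{account_of(role_arn)} (principal outside the role's account): {value}")
    return findings


if __name__ == "__main__":
    for finding in check_aws_assertion(SAMPLE_RESPONSE):
        print("-", finding)
```

Run it against a base64-decoded SAMLResponse taken from the browser's developer tools; a finding about the provider account is the "Principal exists outside the account of the Role being assumed" case, and a missing RoleSessionName is the "RoleSessionName is required" case.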

Tuesday, August 3, 2021

Github and ADFS SAML integration error method="GitHub::Authentication::SAML.rails_authenticate" ip=yourip at="failure - Invalid SAML response" login=_unknown errors='["Digest mismatch", "No assertion found", "Audience is invalid. Audience attribute does not match

ADFS and GitHub integration error

Error on the GitHub side

method="GitHub::Authentication::SAML.rails_authenticate" ip=yourip at="failure - Invalid SAML response" login=_unknown errors='["Digest mismatch", "No assertion found", "Audience is invalid. Audience attribute does not match


Solution:

The issue was that the GitHub Single Sign-on URL and/or Issuer URL was not correct. Make sure to compare the IdP's ACS and entity ID values with the GitHub configuration.



github integration with ADFS using SAML "failure - Invalid SAML response" '["Digest mismatch"]'

ADFS and GitHub SAML integration error

Error

"failure - Invalid SAML response" '["Digest mismatch"]'


Solution:

This error is a SAML integration error and it can occur during any application's SAML integration. The real cause is a certificate mismatch: GitHub had a different certificate than the IdP signing certificate. Make sure you download the correct certificate from the ADFS side, or, if you don't know which certificate it is, copy the certificate from the IdP metadata file and upload it to the GitHub side (after decoding it from the metadata into a certificate file). Also make sure the IdP encryption option is checked on the GitHub side and that the certificate shows the correct values after uploading into GitHub.


Other possible causes are that the user does not exist on the GitHub side (the user has to be present in the GitHub users directory) or that the right roles are not being passed.
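The two GitHub posts above boil down to the same check: the values GitHub holds (sign-on URL, issuer, signing certificate) must equal what the ADFS federation metadata publishes. The script below is an added example, not code from the original post or from GitHub, that parses a metadata document, extracts those three values, and compares them by value and by SHA-256 certificate fingerprint, so a "Digest mismatch" caused by the wrong certificate is visible before anyone retries a login. The metadata excerpt, the GitHub configuration dictionary and the certificate blobs are constructed sample data (the blobs are placeholder bytes, not real DER certificates); the element and attribute names are the standard SAML metadata ones.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

MD_NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed ADFS federation metadata excerpt (not a real download). The
# X509Certificate blob is placeholder bytes standing in for a DER certificate.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.test/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample of what the GitHub side has configured: the sign-on URL is
# missing its trailing slash and the certificate is a different (placeholder) one.
GITHUB_CONFIG = {
    "sign_on_url": "https://adfs.example.test/adfs/ls",
    "issuer": "http://adfs.example.test/adfs/services/trust",
    "certificate_pem": "-----BEGIN CERTIFICATE-----\n"
                       + base64.b64encode(b"STALE-PLACEHOLDER-CERTIFICATE-BYTES").decode()
                       + "\n-----END CERTIFICATE-----\n",
}


def parse_idp_metadata(xml_text):
    """Pull entityID, HTTP-POST SSO location and the signing cert (DER) out of metadata."""
    root = ET.fromstring(xml_text)
    sso = root.find(
        f"md:IDPSSODescriptor/md:SingleSignOnService[@Binding='{HTTP_POST}']", MD_NS)
    cert = root.find(
        "md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
        "/ds:KeyInfo/ds:X509Data/ds:X509Certificate", MD_NS)
    # Metadata base64 is often wrapped and indented; drop all whitespace first.
    der = base64.b64decode("".join(cert.text.split())) if cert is not None and cert.text else None
    return {
        "entity_id": root.get("entityID"),
        "sso_location": sso.get("Location") if sso is not None else None,
        "signing_cert_der": der,
    }


def pem_to_der(pem):
    """Strip PEM armor and decode the body."""
    body = [line for line in pem.strip().splitlines() if not line.startswith("-----")]
    return base64.b64decode("".join(body))


def der_to_pem(der):
    """PEM form of a DER certificate, the format the GitHub certificate field takes."""
    wrapped = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{wrapped}\n-----END CERTIFICATE-----\n"


def fingerprint(der):
    return hashlib.sha256(der).hexdigest()


def compare_sp_config(idp, sp):
    """Return findings where the SP (GitHub) configuration disagrees with the IdP metadata."""
    findings = []
    if idp["entity_id"] != sp["issuer"]:
        findings.append(f"Issuer {sp['issuer']!r} != IdP entityID {idp['entity_id']!r}")
    if idp["sso_location"] != sp["sign_on_url"]:
        findings.append(f"Sign on URL {sp['sign_on_url']!r} != IdP SSO location {idp['sso_location']!r}")
    if idp["signing_cert_der"] is None:
        findings.append("No signing certificate in IdP metadata")
    elif fingerprint(pem_to_der(sp["certificate_pem"])) != fingerprint(idp["signing_cert_der"]):
        findings.append("Certificate fingerprint differs from IdP signing certificate "
                        "(expect 'Digest mismatch' on the GitHub side)")
    return findings


if __name__ == "__main__":
    idp = parse_idp_metadata(IDP_METADATA)
    for finding in compare_sp_config(idp, GITHUB_CONFIG):
        print("-", finding)
    print("Upload this PEM to GitHub:\n" + der_to_pem(idp["signing_cert_der"]))
```

`der_to_pem` turns the metadata's base64 blob into the PEM block the GitHub certificate field expects, which is the "copy the certificate from the IdP file" step from the solution above done without guessing at encodings.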