Microsoft SSO Integration - Solved

Your software
My Mautic version is: 4.0.1
My PHP version is: 7.4
My Database type and version is: 10.6.3-MariaDB

I am using a nginx frontend and a php-fpm backend both in docker instances.

Your problem
My problem is:

I am attempting to allow users to sign in through SSO, however when anyone tries to log in we get "Invalid login. Please verify credentials."

I know the credentials are correct because I am already logged into Microsoft with them and it just redirects me and auto logs me in. In addition, I have attempted to install different versions of Mautic: 4.0.0, 4.0.1, and 3.3.4. I have also attempted to change the specified IDP claims to their "Display Name" and the actual claim names as specified in the federated metadata XML. The only thing I have not done is generate an X.509 certificate, as I was under the impression that this step is optional. Is it actually required?

Thanks for any help anyone can provide.
Isaac.

These errors are showing in the log:
There are no errors shown in the log relating to SSO, only entries like the ones below:
[2021-10-04 20:16:29] mautic.DEBUG: CAMPAIGN: Current contact ID# 6
[2021-10-04 20:16:29] mautic.DEBUG: CAMPAIGN: Contact does not have any applicable page.devicehit associations.

EDIT:

This has been solved. We found out we needed to use the full xml URL based specification instead of the names of the specification or specification IDs provided by microsoft.

E.g.:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
**instead of**
surname or Surname as specified in the Azure admin portal and the XML

Provided URL OIDs no longer work. Alternatively one can specify OID literals such as:

urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (for eduPersonPrincipalName - I personally use it as Login attribute)
or
urn:oid:0.9.2342.19200300.100.1.1 (for uid)
urn:oid:0.9.2342.19200300.100.1.3 (for mail)
urn:oid:2.5.4.42 (for givenName)
urn:oid:2.5.4.4 (for sn/surname)
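The thread's fix comes down to one check: the attribute names configured on the Mautic side must match, byte for byte, the `Name` attributes the IdP actually puts in the SAML assertion (full claim URIs from Azure AD, or `urn:oid:` literals from IdPs that use the OID form). The script below is an added example, not code from the poster, the reply, or the Mautic project. It parses a constructed `AttributeStatement`, lists the names the IdP sent, and reports which configured short names (`surname`, `sn`, `emailaddress`) should be replaced by the exact URI that is present. The field names `email`, `firstname`, `lastname` and the sample values are illustrative assumptions, not Mautic's real configuration keys.

```python
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Friendly names for the urn:oid attribute names listed in the reply above,
# so a short configured name like "sn" can be matched against the OID form.
OID_FRIENDLY_NAMES = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2342.19200300.100.1.1": "uid",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:2.5.4.4": "sn",
}

# Constructed sample assertion (Azure AD style): the Name attributes are the
# full claim URIs, which is what had to be configured in Mautic. Values are
# made up for the example.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Isaac</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>isaac@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Illustrative SP-side mapping (assumed field names, not Mautic's own keys):
# two of the three entries use the short names that caused the failure.
CONFIGURED_MAPPING = {
    "email": "emailaddress",
    "firstname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "lastname": "surname",
}


def extract_attributes(assertion_xml):
    """Return {attribute Name: [values]} for every Attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    ns = {"saml": SAML_ASSERTION_NS}
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", ns):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", ns)]
        attributes[attr.get("Name")] = values
    return attributes


def short_name(sent_name):
    """Short form of an IdP attribute name: the OID's friendly name if known,
    otherwise the last path segment of a claim URI (surname, emailaddress)."""
    if sent_name in OID_FRIENDLY_NAMES:
        return OID_FRIENDLY_NAMES[sent_name]
    return sent_name.rsplit("/", 1)[-1]


def check_mapping(configured, sent):
    """Compare configured attribute names with the names the IdP actually sent.

    Returns {field: status} where status is "ok" for an exact match,
    "use full name: <Name>" when only the short form was configured but a
    matching full URI/OID is present, or "missing from assertion" otherwise."""
    report = {}
    for field, configured_name in configured.items():
        if configured_name in sent:
            report[field] = "ok"
            continue
        candidates = [n for n in sent
                      if short_name(n).lower() == configured_name.lower()]
        if candidates:
            report[field] = f"use full name: {candidates[0]}"
        else:
            report[field] = "missing from assertion"
    return report


def diagnose(assertion_xml=SAMPLE_ASSERTION, configured=CONFIGURED_MAPPING):
    """Parse the assertion and return the mapping report for it."""
    return check_mapping(configured, extract_attributes(assertion_xml))


if __name__ == "__main__":
    for name in extract_attributes(SAMPLE_ASSERTION):
        print("IdP sent:", name)
    for field, status in diagnose().items():
        print(f"{field}: {status}")
```

Run it against the base64-decoded `SAMLResponse` your browser posts back to Mautic instead of the constructed sample, and the report tells you for each field whether the configured name is present verbatim; two of the three constructed entries above come back as "use full name: ...", which is exactly the mismatch the thread describes. The same check works for IdPs that send `urn:oid:` names, because the short form is resolved through the OID table from the reply.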