Persistent Assertion/Subject/NameID from LDAP Attribute

Cantor, Scott cantor.2 at osu.edu
Fri Aug 10 10:37:31 EDT 2012


On 8/10/12 12:05 AM, "Henry B. Hotz" <hotz at jpl.nasa.gov> wrote:
>
>If that's what's wanted by a specific SP, shouldn't the <NameIDFormat>
>metadata make it unnecessary to put a preference in the RelyingParty?

I believe the IdP does look at that, yes. No other implementations of SAML
will, FWIW.

>Just asking.  Everything's working now, but I need to clean things up a
>bit.

The preference rule in relying-party.xml was added to make it cleaner to
unilaterally control the format used without having to use odd-looking
filter policies. Normally you don't control the SP's metadata so
manipulating that isn't the approach generally used.

-- Scott


