Adding a SubjectConfirmation for an AttributeQuery
Cantor, Scott
cantor.2 at osu.edu
Mon Nov 26 09:08:02 EST 2012
On 11/26/12 8:36 AM, "Juhani Gurney" <juhani at eduix.fi> wrote:
>
>According to the admins of the service the error is related to the
>missing SubjectConfirmation element. So my first question is, how do I
>configure Shib to add...
><saml:SubjectConfirmation
>Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
>... to the message?
You can't, that isn't supported. Sender-vouches in SAML is more or less a
no-op, it really means there is no subject confirmation, so in this
particular instance it's pretty strange to require it. But no, it's not
supported.
>Also, as you can see from the example, the service also expects us to
>send the userid as an attribute (I don't quite understand why as it is in
>the NameID). Is there a way of doing that?
No. You can configure it to request specific attributes or values, per the
spec, but you can't make that dynamic.
All of this of course is with the caveat "unless you write your own code".
-- Scott