Adding a SubjectConfirmation for an AttributeQuery
Juhani Gurney
juhani at eduix.fi
Mon Nov 26 09:37:48 EST 2012
Cantor, Scott kirjoitti 26.11.2012 kello 16.08:
> On 11/26/12 8:36 AM, "Juhani Gurney" <juhani at eduix.fi> wrote:
>>
>> According to the admins of the service the error is related to the
>> missing SubjectConfirmation element. So my first question is, how do I
>> configure Shib to add...
>> <saml:SubjectConfirmation
>> Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
>> Š to the message?
>
> You can't, that isn't supported. Sender-vouches in SAML is more or less a
> no-op, it really means there is no subject confirmation, so in this
> particular instance it's pretty strange to require it. But no, it's not
> supported.
>
>> Also, as you can see from the example, the service also expects us to
>> send the userid as an attribute (I don't quite understand why as it is in
>> the NameID). Is there a way of
>> doing that?
>
> No. You can configure it to request specific attributes or values, per the
> spec, but you can't make that dynamic.
>
> All of this of course is with the caveat "unless you write your own code".
>
Ok, thanks for clarifying this!
Cheers,
Juhani
More information about the users
mailing list