how to release uid as nameid
Peter Schober
peter.schober at univie.ac.at
Thu Mar 20 16:16:28 EDT 2014
* Qian, Yi <yqian at ku.edu> [2014-03-20 20:51]:
> The vendor requests us to use uid as nameid, such as
> <saml:subject>
> <saml:nameid>yqian</saml:nameid>
> </saml:subject>
>
> And in their metadata, they listed nameid format as
>
> <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:entity</md:NameIDFormat>
That's nonsense, of course. For one, that NameID isn't even defined in
the specs, and two, in SAML2.0 (where something like that is defined,
Core section 8.3.6) the NameID format
"urn:oasis:names:tc:SAML:2.0:nameid-format:entity" is specified as:
"the identifier of an entity that provides SAML-based services (such
as a SAML authority, requester, or responder) or is a participant in
SAML profiles (such as a service provider supporting the browser SSO
profile)."
So clearly this is NOT meant to identify a subject/principal/user, but
a SAML entity.
-peter
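
As an added illustration (not part of the original thread), this Python sketch lints SP metadata for the two problems raised in the reply above: a NameIDFormat URI that SAML 2.0 Core section 8.3 does not define, and the entity format advertised where a user identifier is wanted. The sample metadata, its entityID and the function name are constructed for the example.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
P11 = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
P20 = "urn:oasis:names:tc:SAML:2.0:nameid-format:"

# Name identifier format URIs defined in SAML 2.0 Core, section 8.3
DEFINED = {
    P11 + "unspecified", P11 + "emailAddress", P11 + "X509SubjectName",
    P11 + "WindowsDomainQualifiedName",
    P20 + "kerberos", P20 + "entity", P20 + "persistent", P20 + "transient",
}
ENTITY = P20 + "entity"  # section 8.3.6: names a SAML entity, not a user


def lint_nameid_formats(metadata_xml):
    """Return (format_uri, finding) for every md:NameIDFormat element.

    Hypothetical helper; finding is one of
    'undefined', 'entity-not-subject' or 'ok'.
    """
    root = ET.fromstring(metadata_xml)
    findings = []
    for el in root.iter("{%s}NameIDFormat" % MD_NS):
        uri = (el.text or "").strip()
        if uri not in DEFINED:
            findings.append((uri, "undefined"))
        elif uri == ENTITY:
            findings.append((uri, "entity-not-subject"))
        else:
            findings.append((uri, "ok"))
    return findings


# Constructed SP metadata: the first format is the one quoted in the thread,
# the other two are added here for contrast.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:entity</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:entity</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for uri, finding in lint_nameid_formats(SAMPLE):
        print("%-20s %s" % (finding, uri))
```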