Setting "Format" attribute in NameIDPolicy of AuthnRequest.
Emilio Penna
emilio.penna at seciu.edu.uy
Wed May 14 18:55:50 EDT 2014
Kevin, Tom, thanks for the responses.
In my scenario, the IdP can give the NameID with "emailAddress" format,
(I can obtain it if I make the AuthnRequest "by hand" with opensaml)
What I need is a way to configure shibboleth SP to add the "Format"
attribute.
thanks
Emilio
El 14/05/2014 07:40 p.m., Tom Scavo escribió:
> On Wed, May 14, 2014 at 6:36 PM, Kevin Foote <kpfoote at uoregon.edu> wrote:
>>
>> On May 14, 2014, at 3:22 PM, Emilio Penna <emilio.penna at seciu.edu.uy> wrote:
>>
>>> Hello, I'm starting with Shibboleth SP (version 2.5.3). Shibboleth SP is
>>> generating AuthnRequest with
>>>
>>> <samlp:NameIDPolicy AllowCreate="1" />
>>>
>>> It works, and the IdP responds with a persistent identifier, but I need
>>> the emailAddress as NameID…
>>
>> As an SP you can request a NameID type but you can not guarantee that the IdP will
>> give it to you.
>
> I don't think so. The SAML spec is pretty clear on that. It's a MUST in fact.
>
> Tom
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
More information about the users
mailing list