Assertion Response Subject NameQualifier
Cantor, Scott
cantor.2 at osu.edu
Fri Sep 5 14:53:28 EDT 2014
On 9/4/14, 11:26 AM, "Royder, Kyle D" <kroyder at austin.utexas.edu> wrote:
>Hi,
>
> I cannot find any information on this so I¹m assuming it¹s not
>something that can/should be done. I¹m using the newest version of the
>Shibboleth IdP and I¹m trying to integrate with an SP that has been
>fairly difficult. They have suggested that I remove the NameQualifer
>from the subject nameid part of the assertion response because it might
>be causing problems. I¹ve removed/changed some of the values below in
>the example. I just wanted to be clear that they wanted me to remove the
>following
> NameQualifier from the IdP assertion response.
>
> Is this possible?
In typical cases, V2 only generates the NameQualifier if it's told to in
the AttributeEncoder configuration used.
It's NameID format specific as to whether it should be there, so lacking
more information, I don't know what the use case is, whether it should be
there, whether it's a good idea to omit it, etc.
If it's being set to the IdP's name, then I wouldn't expect anything would
be fixed by omitting it.
-- Scott
More information about the users
mailing list