Unspecified NameId format and IdP 3.2
Nanda Kumar
NKK at FISCHERINTERNATIONAL.COM
Thu Dec 3 14:08:36 EST 2015
Hello,
I can't get the NameID to be generated in the response of the IdP when working with Google apps as SP. Google apps sets the NameIdPolicy with a format of urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified in the authentication request. It's metadata also has the same NameIDFormat.
Doesn't Shib IdP 3.2 support the urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified name id format anymore? I see the following statement in the logs:
"Ignoring NameIDFormat metadata that includes the 'unspecified' format".
When I don't specify any nameIDFormatPrecedence in the relying party xml for the google apps sp, it defaults to the transient NameID generator, the output of which is not a valid id for Google Apps.
Thanks
Nanda
======================================================================
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient and may contain originating company confidential or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, immediately contact the sender by reply e-mail or notify the postmaster at fisc.com<applewebdata://C7998FB1-8D0A-4CA3-B689-30E2F4A29B9A/postmaster@fisc.com> and destroy all copies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151203/828e0c24/attachment.html>
More information about the users
mailing list